Re: GRANT role_name TO role_name ON database_name

On Wed, May 29, 2013, at 09:45 AM, Stephen Frost wrote:
> * Albe Laurenz (laurenz(dot)albe(at)wien(dot)gv(dot)at) wrote:
> > Maybe the db_user_namespace parameter can help:
> > http://www.postgresql.org/docs/9.2/static/runtime-config-connection.html#GUC-DB-USER-NAMESPACE
>
> I doubt it and I wouldn't encourage anyone to use it even if it happened
> to help in this situation..

This feature won't help me, and I'd concur with Stephen that
I wouldn't encourage its use. Auto-magical name-mangling
sounds suspiciously like an application feature.

The major problem isn't prefixing - you can do that in application
logic easy enough. The harder problem is that this convention
would have to be respected by dump/restore and create database
from template. So, the application role auditor(at)sales would be
dumped in a serialization of the "sales" database; and, when
restored into "sales-testing" would become "auditor(at)sales-testing".

Speaking of which, the choice of a @ delimiter is unfortunate,
since email addresses (authenticated by Mozilla Persona) make
lovely user names. If a delimiter is used for name mangling,
I'd lobby for a character that is an "unwise" RFC2396 character
and not a "reserved" RFC3986 character. So, perhaps the
PIPE (|) or caret (^) would be good choices since those can
be percent-encoded in valid emails, and don't have assigned
meanings as a standard URI.

Best,

Clark