| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCHES] Users/Groups -> Roles |
| Date: | 2005-06-30 15:49:59 |
| Message-ID: | 20050630154958.GH24207@ns.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > That's controlled by pg_hba.conf though, isn't it? The idea being that
> > you'd like to give some people the ability to create users/roles, but to
> > limit the databases those created users/roles could connect to by, say,
> > requiring they have 'usage' or 'connect' permissions to that database,
> > which could be set by the database owner; without the database owner
> > having write permissions to the pg_hba.conf.
>
> You can do that today by putting a group name in pg_hba.conf. Roles
> will make it more flexible; I don't see that we need anything more.
>
> For instance, if pg_hba.conf says "samegroup" then you could manage
> everything by associating a group with each database.
Ahh, ok, good point. Sorry, I'd forgotten about that flexibility of
pg_hba.conf. Well, hopefully this will make some ISPs happy then. :)
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Glaesemann | 2005-06-30 16:01:27 | Re: Moving sequences to another schema |
| Previous Message | Tom Lane | 2005-06-30 15:48:07 | Re: [PATCHES] Users/Groups -> Roles |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2005-06-30 21:16:11 | Re: Constraint Exclusion (Partitioning) - Initial Review |
| Previous Message | Tom Lane | 2005-06-30 15:48:07 | Re: [PATCHES] Users/Groups -> Roles |