From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Role incompatibilities |
Date: | 2006-03-24 19:27:49 |
Message-ID: | 200603242027.50128.peter_e@gmx.net |
Lists: | pgsql-hackers |

Stephen Frost wrote:
> You were talking about 'enabled' vs. 'applicable' roles. Above
> they're talking about 'enabled authorization identifiers' (the list
> of roles you currently have the permissions of) and 'applicable
> privileges' (the specific privileges you have as that set of roles).

According to the definition, an authorization identifier is either a
user or a role, so I don't see where the problem is.

enabled authorization identifiers -- as defined

applicable authorization identifiers -- as defined

enabled roles -- all enabled authorization identifiers that are roles

applicable roles -- all applicable authorization identifiers that are roles

> > > For 'applicable' roles:
> > >
> > > pg_has_role('abc','MEMBER');
> >
> > What you get from this has no equivalent in the SQL standard.
>
> This doesn't apply from what you've quoted above,

The set of roles pg_has_role('abc','MEMBER') minus
pg_has_role('abc','USAGE') can only be nonempty if you define roles
with NOINHERIT, but the SQL standard doesn't provide for that. QED.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/
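
Added example, not part of the original message: a way to check the MEMBER-versus-USAGE distinction discussed above on a PostgreSQL server. The role names (`demo_abc`, `demo_inherit`, `demo_noinherit`) are constructed for the illustration, with `demo_abc` standing in for the message's `'abc'`; the script assumes a session allowed to create roles and rolls everything back.

```sql
-- Constructed demo roles; nothing persists because of the ROLLBACK.
BEGIN;

CREATE ROLE demo_abc       NOLOGIN;
CREATE ROLE demo_inherit   NOLOGIN INHERIT;    -- inherits privileges of roles it is granted
CREATE ROLE demo_noinherit NOLOGIN NOINHERIT;  -- PostgreSQL extension, not in the SQL standard

GRANT demo_abc TO demo_inherit;
GRANT demo_abc TO demo_noinherit;

-- MEMBER: direct or indirect membership in the role.
-- USAGE:  the role's privileges are available without SET ROLE.
SELECT m.rolname                               AS member,
       pg_has_role(m.oid, r.oid, 'MEMBER')     AS is_member,
       pg_has_role(m.oid, r.oid, 'USAGE')      AS has_usage
FROM   pg_roles m
JOIN   pg_roles r ON r.rolname = 'demo_abc'
WHERE  m.rolname IN ('demo_inherit', 'demo_noinherit')
ORDER  BY m.rolname;

-- The set difference from the message: roles a member belongs to (MEMBER)
-- whose privileges it does not currently hold (USAGE).
SELECT m.rolname AS member,
       r.rolname AS member_without_usage_of
FROM   pg_roles m
CROSS  JOIN pg_roles r
WHERE  m.rolname IN ('demo_inherit', 'demo_noinherit')
  AND  m.oid <> r.oid
  AND  pg_has_role(m.oid, r.oid, 'MEMBER')
  AND  NOT pg_has_role(m.oid, r.oid, 'USAGE')
ORDER  BY m.rolname, r.rolname;

ROLLBACK;
```

When auditing role grants, the second query run over all roles (drop the `m.rolname IN (...)` filter) lists memberships whose privileges only take effect after `SET ROLE`.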