From: | "Thomas Sondag" <thomas(dot)sondag(at)gmail(dot)com> |
---|---|
To: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk> |
Cc: | pgadmin-support(at)postgresql(dot)org |
Subject: | Re: Proposed Patchs |
Date: | 2006-05-29 09:01:58 |
Message-ID: | 2354aa530605290201s399d3555t4db5cd2c36c4d88f@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-support |
2006/5/24, Dave Page <dpage(at)vale-housing(dot)co(dot)uk>:
>
>
> > -----Original Message-----
> > From: pgadmin-support-owner(at)postgresql(dot)org
> > [mailto:pgadmin-support-owner(at)postgresql(dot)org] On Behalf Of
> > Thomas Sondag
> > Sent: 24 May 2006 17:28
> > To: pgadmin-support(at)postgresql(dot)org
> > Subject: [pgadmin-support] Proposed Patchs
> >
> > Hi,
> >
> > With PostgreSQL 8.1 and new ROLE object remplacing traditional
> > USER/GROUP, I was a bit confuse using the dlgProperty and
> > dlgSecurityProperty dialog because I can only select USER (ROLE with
> > LOGIN privilege) for owner and GROUP (ROLE without LOGIN privilege)
> > for privileges .
> > And I not sure this comportment can match all PostgreSQL 8.1 usages
> > scenarios (like one of my case).
> >
> > This proposed patch :
> > - change owner and privilege list to get the full ROLE list.
>
> How is this different from the current behaviour if the Show Users for
> Privileges option is turned on? The whole point there is to promote the
> use of group based permissions rather than user based for both
> simplicity (because the list only shows the groups), and for cleanliness
> of design (users come and go, groups tend to be more permanent). In 8.1+
> of course, we simply replace users and groups with roles with or without
> the login flag.
>
Hum, I miss this option ... sorry, but the main difference with the
current behaviour is for object owning. The main idea was to set
object owner to a group like that :
database foo -> group foo
schema bar -> group bar
schema bar read user -> user toto
I don't know if that's a good policy, but this case may exist, we may
add an option like "Show Group for object owning" ?
This is not the appropriate list to talk about that, but I'm realy
interested in a good practice guide for privilege and owning
management for PostgreSQL, like create an admin account without
superuser right, use samerole in pg_hba.conf and so on ...
> > - select by default currently connected ROLE in the owner list
> > (replacing the blank filed) for new object creation
>
> OK.
>
The last bug I have is for database creation, I don't know how to get
the current login.
> > - remove pg_global in the available tablespace list
>
> Probably a good idea, yes.
>
> > - select current user default tablespace in tablespace list
> > (replacing the blank filed, yes I don't like blank field) for new
> > object creation
>
> OK.
>
> Regards, Dave.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
>
Thomas
From | Date | Subject | |
---|---|---|---|
Next Message | Dave Page | 2006-05-29 19:22:10 | Re: Proposed Patchs |
Previous Message | plaschke | 2006-05-29 07:29:05 | pgadmin does not display null in boolean field |