| From: | Michael Orlitzky <michael(at)orlitzky(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: State of the art re: group default privileges |
| Date: | 2013-03-21 14:52:52 |
| Message-ID: | 514B1EC4.3090104@orlitzky.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 03/21/2013 10:39 AM, Adrian Klaver wrote:
>>
>> This won't fly unfortunately. It's a shared host, and the "developers"
>> are a mixed bag of our employees, consultants, and the customer's employees.
>
> Do not follow. The set role= is put on a login role. It will only work
> on those databases the user role is allowed to log into.
If one of our employees creates a table for one of our other projects,
in one of our other databases, we don't want it being owned by a group
of people who don't work for us.
Or if we're working on a project for customer2, we don't want everything
to be owned by the developers group if "developers" contains customer1's
employees.
(Not to mention: how would this work if we wanted to have two separate
developers groups? I.e. if we had devs1 and devs2, with only some people
in common.)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2013-03-21 15:34:51 | Re: State of the art re: group default privileges |
| Previous Message | Adrian Klaver | 2013-03-21 14:39:03 | Re: State of the art re: group default privileges |