From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
---|---|
To: | François Beausoleil <francois(at)teksol(dot)info>, Forums postgresql <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Role Inheritance Without Explicit Naming? |
Date: | 2014-03-03 15:53:37 |
Message-ID: | 5314A581.2000104@aklaver.com |
Lists: | pgsql-general |
On 03/02/2014 08:48 PM, François Beausoleil wrote:
> Hi all,
>
> I have four roles involved:
>
> meetphil - the database owner, should not login
> mpwebui - the role the web application logs in as, should have very limited privileges, but should be able to SET ROLE to a user that has the correct privileges, should login
> mpusers - the main group for regular users, the group on which I'll grant default privileges, should not login
> francois - one of the roles that has the right to do stuff, should login
>
> I've gist'd everything here: https://gist.github.com/francois/9318054 (also appended at the end of this email).
>
> In a fresh cluster, I create my users:
>
> $ psql -U meetphil -d meetphil
> psql (9.1.5)
> Type "help" for help.
>
> meetphil=> \du
> List of roles
> Role name | Attributes | Member of
> -----------+------------------------------------------------+-----------
> colette | | {mpusers}
> francois | | {mpusers}
> meetphil | | {}
> mpusers | Cannot login | {}
> mpwebui | No inheritance | {mpusers}
> postgres | Superuser, Create role, Create DB, Replication | {}
> rene | | {mpusers}
>
If I am following correctly what you want is something like this:
      ------ mpusers <----
      |                   |
     \|/                  |
   francois            mpwebui
In other words access sibling roles through a parent role. Is this correct?
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
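
The role layout from the quoted `\du` output, as an added example that is not part of either message or the gist. It checks what the memberships allow: PostgreSQL permits SET ROLE only to a role the session user is a direct or indirect member of. It assumes a scratch cluster and a superuser session, and leaves out colette, rene and meetphil.

```sql
-- Added example: run as a superuser on a scratch cluster.
-- Role names and attributes follow the \du output quoted above.
CREATE ROLE mpusers  NOLOGIN;
CREATE ROLE francois LOGIN;
CREATE ROLE mpwebui  LOGIN NOINHERIT;
GRANT mpusers TO francois, mpwebui;

-- Membership as the server evaluates it.
-- 'MEMBER': the login role may SET ROLE to the target.
-- 'USAGE' : the login role holds the target's privileges without SET ROLE
--           (this is what NOINHERIT switches off).
SELECT r.login_role,
       r.target,
       pg_has_role(r.login_role::name, r.target::name, 'MEMBER') AS can_set_role,
       pg_has_role(r.login_role::name, r.target::name, 'USAGE')  AS inherits_privs
FROM (VALUES ('mpwebui',  'mpusers'),
             ('mpwebui',  'francois'),
             ('francois', 'mpusers')) AS r(login_role, target);

-- The same checks exercised as the web application's login role.
SET SESSION AUTHORIZATION mpwebui;

-- Parent role: mpwebui is a direct member of mpusers.
SET ROLE mpusers;
SELECT session_user, current_user;
RESET ROLE;

-- Sibling role: mpwebui holds no membership in francois, so this
-- statement is subject to the membership rule above. The explicit
-- alternative is: GRANT francois TO mpwebui;
SET ROLE francois;
SELECT session_user, current_user;
RESET ROLE;

RESET SESSION AUTHORIZATION;

-- Clean up the scratch roles.
DROP ROLE mpwebui;
DROP ROLE francois;
DROP ROLE mpusers;
```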