| From: | Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Clark C(dot) Evans *EXTERN*" <cce(at)clarkevans(dot)com>, PostgreSQL-Dev <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: GRANT role_name TO role_name ON database_name |
| Date: | 2013-05-29 12:17:16 |
| Message-ID: | A737B7A37273E048B164557ADEF4A58B13C950BE@ntex2010i.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Clark C. Evans wrote:
>>> I'd really love the ability to grant a *user*
>>> role-based privileges database by database.
>>
>> The only cluster-wide role permissions are the options
>> SUPERUSER, CREATEDB, CREATEROLE, INHERIT,
>> LOGIN and REPLICATION.
>
> Incorrect; role-to-role membership (different from INHERIT)
> is also a cluster-wide role permission. Hence, I have no
> way to assign a user "auditor" role in one database, and not
> grant that same user "auditor" role in another database.
Now I understand what you want.
Maybe the db_user_namespace parameter can help:
http://www.postgresql.org/docs/9.2/static/runtime-config-connection.html#GUC-DB-USER-NAMESPACE
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dimitri Fontaine | 2013-05-29 12:52:46 | Re: pg_dump with postgis extension dumps rules separately |
| Previous Message | Clark C. Evans | 2013-05-29 11:49:45 | Re: GRANT role_name TO role_name ON database_name |