From: | Dmitriy Igrishin <dmitigr(at)gmail(dot)com> |
---|---|
To: | Tony Cebzanov <tonyceb(at)andrew(dot)cmu(dot)edu> |
Cc: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Advice needed on application/database authentication/authorization/auditing model |
Date: | 2010-10-26 20:49:10 |
Message-ID: | AANLkTik6hGquMvXiONzzpOweR7NcWJ-3P_AknSBb_mju@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hey Tony,
2010/10/27 Tony Cebzanov <tonyceb(at)andrew(dot)cmu(dot)edu>
> On 10/23/10 11:01 AM, Craig Ringer wrote:
> > Yep. As for not explicitly mentioning "lower" roles when granting a
> > higher role (ie "admin" isn't also a "user") - role inheritance.
>
> I knew about role inheritance, I just didn't know about the
> pg_has_role() function for determining if a user has a role. That's
> helpful, but I really don't want to be hitting the database with a
> pg_has_role() call for every time I want to check if a user should have
> access to a certain page or function in my application.
>
Why not? Performance? It's just one function call.
>
> Normally, when the user logs in, I'd cache their user info, and any
> roles they have, either directly or indirectly. But how can I do this
> if I'm not directly making administrators members of the other groups
> they inherit the rights of? In other words, is there a convenience
> function or view I can use to get a list of all roles the user has
> access to, both directly or indirectly?
>
Please, see
http://www.postgresql.org/docs/9.0/static/infoschema-applicable-roles.html
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
--
// Dmitriy.
From | Date | Subject | |
---|---|---|---|
Next Message | Hfe80 | 2010-10-26 21:01:59 | DB become enormous with continuos insert and update |
Previous Message | Tony Cebzanov | 2010-10-26 20:30:10 | Re: Advice needed on application/database authentication/authorization/auditing model |