| From: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
|---|---|
| To: | Carlos Mennens <carlos(dot)mennens(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Role Membership |
| Date: | 2010-12-20 18:32:56 |
| Message-ID: | AANLkTinqPM6vN2x7KxQb6pZ0jb4=7Nawa_S7exKDOkdf@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Dec 20, 2010 at 10:12 AM, Carlos Mennens
<carlos(dot)mennens(at)gmail(dot)com> wrote:
> On Mon, Dec 20, 2010 at 12:05 PM, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> wrote:
>> Odd, mine does. Got a complete example of creating a role and not seeing it?
>>
>> Here's mine:
>> smarlowe=# create role stans;
>> CREATE ROLE
>> smarlowe=# \dg
>> List of roles
>> Role name | Attributes | Member of
>> -----------+--------------+-----------
>> postgres | Superuser | {}
>> : Create role
>> : Create DB
>> smarlowe | Superuser | {}
>> : Create role
>> : Create DB
>> stans | Cannot login | {}
>
> I guess I am still confused by role / group & user accounts. If you
No user, no group, they're al roles. Roles are both / either.
> create a role / group called 'finance', it then shows up as a user
> when I do \dg? Then how do I make users a member of the 'finance' role
Yep, it shows up as a ROLE.
> / group if they're listed just like regular users are?
You grant them that:
grant rolename to username;
Then you only ever have to grant / revoke a role to change
permissions, no need to do a million grants all over the place on each
table. Just grant it once to the role, grant the role to the user,
viola, you're done.
>
> easports=# CREATE ROLE finance;
> CREATE ROLE
> easports=# \dg
> List of roles
> Role name | Attributes | Member of
> -----------+-----------------------------------+-----------
> cmennens | Superuser | {}
> finance | Cannot login | {}
> postgres | Superuser, Create role, Create DB | {}
>
> From the above listing, I would expect 'finance' to not be listed with
> my users since finance is a role / group, not a single user. I want to
> make specific users members of 'finance'. Am I missing something or
> just slow today?
>
>>> 2. How to see which 'users' are all members of 'accounting'? Would
>>> that be done simply with '\dg'?
>>
>> Yeah.
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>
--
To understand recursion, one must first understand recursion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kenneth Buckler | 2010-12-20 19:12:24 | PostgreSQL Trusted Startup |
| Previous Message | Tom Lane | 2010-12-20 17:48:04 | Re: libpq ASYNC with PQgetResult and PQisBusy |