| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Additional role attributes && superuser review |
| Date: | 2015-01-19 14:59:14 |
| Message-ID: | CA+U5nMLdQRRHOdotxcg-nN_yLqs6QsxzEt1+YUC8jxeHc+jvGw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 3 November 2014 at 17:08, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> role attributes don't act like
> GRANTs anyway (there's no ADMIN option and they aren't inheirited).
I'm happy with us *not* doing this using GRANTs, as long as we spend
some love on the docs to show there is a very clear distinction
between the two.
Users get confused between privs, role attributes and SETs that apply to roles.
Introducing the new word "capability" needs to also have some clarity.
Is that the same thing as "role attribute", or is that a 4th kind of
thang?
Make things make sense and they're easy to agree.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, RemoteDBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Cédric Villemain | 2015-01-19 15:06:01 | Re: Fillfactor for GIN indexes |
| Previous Message | Tom Lane | 2015-01-19 14:53:46 | Re: Reducing buildfarm disk usage: remove temp installs when done |