New Model For Role Attributes and Fine Grained Permissions

From: "Brightwell, Adam" <adam(dot)brightwell(at)crunchydatasolutions(dot)com>
To: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <stephen(dot)frost(at)crunchydatasolutions(dot)com>, Greg Smith <greg(dot)smith(at)crunchydatasolutions(dot)com>
Cc: Paul Laurence <paul(dot)laurence(at)crunchydatasolutions(dot)com>
Subject: New Model For Role Attributes and Fine Grained Permissions
Date: 2014-08-19 01:27:10
Message-ID: CAKRt6CQv-X-cHFn5hg2iHkyipHOphWnRHM6McrG=-vqbmWxYTA@mail.gmail.com
Lists: pgsql-hackers

Hi All,

This is a "proof-of-concept" patch for a new model around role attributes
and fine grained permissions meant to alleviate the current over dependence
on superuser.

This is not yet complete and only serves as a proof-of-concept at this
point, but I wanted to share it in the hopes of receiving comments,
suggestions and general feedback.

The general gist of this patch is as follows:

* New system catalog "pg_permission" that relates role IDs to permissions.

* New syntax.
- GRANT <permission> TO <role>
- REVOKE <permission> FROM <role>
where <permission> is one of an enumerated value, such as "CREATE ROLE" or
"CREATE DATABASE".

* Refactor CREATEDB and NOCREATEDB role attribute to "CREATE DATABASE"
permission set by GRANT or REVOKE.

* Refactor CREATEROLE and NOCREATEROLE role attribute to "CREATE ROLE"
permission set by GRANT or REVOKE.

Again, this is meant to serve as a proof-of-concept. It is not
comprehensive and only demonstrates how this might work with a few already
defined permissions.

I have attached the current patch based on master.

Any comments or feedback would be greatly appreciated.

Thanks,
Adam

--
Adam Brightwell - adam(dot)brightwell(at)crunchydatasolutions(dot)com
Database Engineer - www.crunchydatasolutions.com

Attachment Content-Type Size
superuser_8-18-2014.patch text/x-patch 23.2 KB
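The following SQL is an added illustration, not part of Adam's patch or of the PostgreSQL project, showing the difference between the attribute-based model the mail wants to move away from and the GRANT/REVOKE syntax it proposes. The audit query uses only columns that exist in the real `pg_roles` view; the `GRANT CREATE DATABASE` / `REVOKE CREATE DATABASE` statements are the proposed syntax from the mail and are assumed not to exist in released PostgreSQL. The role name `deploy` is a constructed example.

```sql
-- Audit (real catalog): which roles hold privileges as role attributes today.
-- These flags are what the proposal would replace with rows in pg_permission.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolcanlogin
FROM pg_roles
WHERE rolsuper OR rolcreaterole OR rolcreatedb
ORDER BY rolname;

-- Current model: the privilege is a boolean attribute on the role.
CREATE ROLE deploy LOGIN CREATEDB;   -- grants the CREATEDB attribute
ALTER ROLE deploy NOCREATEDB;        -- clears it again

-- Proposed model from the mail (assumed syntax, not in released PostgreSQL):
-- the same capability is an explicit, enumerated permission that is
-- granted and revoked like other privileges.
GRANT CREATE DATABASE TO deploy;
REVOKE CREATE DATABASE FROM deploy;

-- Same idea for role creation, replacing CREATEROLE / NOCREATEROLE.
GRANT CREATE ROLE TO deploy;
REVOKE CREATE ROLE FROM deploy;
```

The audit query is the part a reviewer can run unchanged against any current server; the point of the proposal is that the answer to "who can create databases or roles" would then come from a permission catalog rather than from per-role attribute flags, and would no longer require a superuser for administrative tasks that need only one of those capabilities.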
