From: | Joe Conway <mail(at)joeconway(dot)com> |
---|---|
To: | Nathan Bossart <nathandbossart(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH v2] use has_privs_for_role for predefined roles |
Date: | 2022-02-09 21:39:11 |
Message-ID: | e2955bbc-f7f4-cb80-d35a-ff754898bab0@joeconway.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2/9/22 13:13, Nathan Bossart wrote:
> On Tue, Feb 08, 2022 at 10:54:50PM -0500, Robert Haas wrote:
>> On Tue, Feb 8, 2022 at 7:38 PM Joe Conway <mail(at)joeconway(dot)com> wrote:
>>> If we were to start all over again with this feature my vote would be to
>>> do things differently than we have done. I would not have called them
>>> predefined roles, and I would have used attributes of roles (e.g. make
>>> rolsuper into a bitmap rather than a boolean) rather than role
>>> membership to implement them. But I didn't find time to participate in
>>> the original discussion or review/write the code, so I have little room
>>> to complain.
>>
>> Yep, fair. I kind of like the predefined role concept myself. I find
>> it sort of elegant, mostly because I think it scales better than a
>> bitmask, which can run out of bits surprisingly rapidly. But opinions
>> can vary, of course.
>
> I do wonder if users find the differences between predefined roles and role
> attributes confusing. INHERIT doesn't govern role attributes, but it will
> govern predefined roles when this patch is applied. Maybe the role
> attribute system should eventually be deprecated in favor of using
> predefined roles for everything. Or perhaps the predefined roles should be
> converted to role attributes.
Yep, I was suggesting that the latter would have been preferable to me
while Robert seemed to prefer the former. Honestly I could be happy with
either of those solutions, but as I alluded to that is probably a
discussion for the next development cycle since I don't see us doing
that big a change in this one.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2022-02-09 21:40:59 | Re: decoupling table and index vacuum |
Previous Message | Magnus Hagander | 2022-02-09 21:32:59 | Re: New developer papercut - Makefile references INSTALL |