From: | Gunnar Rønning <gunnar(at)polygnosis(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | Jean-Francois Leveque <leveque(at)webmails(dot)com>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Database Users Management and Privileges |
Date: | 2001-07-06 18:53:05 |
Message-ID: | m2elrt6ga6.fsf@smaug.polygnosis.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
| > Better user management and policy delegations would be important
| > postgresql to succeed in enterprise environments.
|
| Keeping compatibility is also important.
Well nobody said you can't get both ;-)
| > to all databases, and you can create a user for a given database and assign
| > it to a login.
|
| That doesn't strike me as terribly better. Operating system
| administrators tend to unify user management across the whole network.
| You're essentially suggesting making separate users per file system.
| Ugh.
Well, it is important for some networks to have the ability to create users
local to a subset of the network. Let the sub networks manage themselves.
Matter of policy of course.
| > It would also be nice to be able to assign users to
| > groups(which in turn define access rights within the database).
|
| That would indeed be nice. That's why we have already implemented it.
Oops, sorry. RTFM.... But the set of permissions you can assign to a group is
fairly limited. E.g. I can't see that you are able to grant a user/group
create/drop table permissions for a database. Does that mean any user can
create/drop tables ? I think this is an example of a permission a DBA would
like to grant to users per database.
createuser/createdb are rights assigned to a user directly. Wouldn't it make
sense to be able to assign these rights to a group of users ?
regards,
Gunnar
--
Gunnar Rønning - gunnar(at)polygnosis(dot)com
Senior Consultant, Polygnosis AS, http://www.polygnosis.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2001-07-06 19:04:43 | Re: FE/BE protocol oddity |
Previous Message | Tom Lane | 2001-07-06 18:50:42 | Re: Vacuum and Transactions |