Re: Database Users Management and Privileges

From: Gunnar Rønning <gunnar(at)polygnosis(dot)com>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Jean-Francois Leveque <leveque(at)webmails(dot)com>, <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Database Users Management and Privileges
Date: 2001-07-06 18:53:05
Message-ID: m2elrt6ga6.fsf@smaug.polygnosis.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:

| > Better user management and policy delegations would be important
| > postgresql to succeed in enterprise environments.
|
| Keeping compatibility is also important.

Well nobody said you can't get both ;-)

| > to all databases, and you can create a user for a given database and assign
| > it to a login.
|
| That doesn't strike me as terribly better. Operating system
| administrators tend to unify user management across the whole network.
| You're essentially suggesting making separate users per file system.
| Ugh.

Well, it is important for some networks to have the ability to create users
local to a subset of the network. Let the sub networks manage themselves.
Matter of policy of course.

| > It would also be nice to be able to assign users to
| > groups(which in turn define access rights within the database).
|
| That would indeed be nice. That's why we have already implemented it.

Oops, sorry. RTFM.... But the set of permissions you can assign to a group is
fairly limited. E.g. I can't see that you are able to grant a user/group
create/drop table permissions for a database. Does that mean any user can
create/drop tables ? I think this is an example of a permission a DBA would
like to grant to users per database.

createuser/createdb are rights assigned to a user directly. Wouldn't it make
sense to be able to assign these rights to a group of users ?

regards,

Gunnar

--
Gunnar Rønning - gunnar(at)polygnosis(dot)com
Senior Consultant, Polygnosis AS, http://www.polygnosis.com/

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2001-07-06 19:04:43 Re: FE/BE protocol oddity
Previous Message Tom Lane 2001-07-06 18:50:42 Re: Vacuum and Transactions