> > > I have another question about GRANT/REVOKE:
> > >
> > > grant <privilege[,privilege,...]>
> > > on <rel1>[,...<reln>]
> > > to [public | GROUP <group> | <username>]
> > > ^^^^^^^^^^^^^
> > > I don't know how to create a GROUP ?
> >
> > I believe that you use "CREATE USER groupname", and then can assign
> > privileges to that pseudo-user/group, and then add users to that
> > group. Have you tried that?
> postgres=> create user grupo;
> CREATE USER
> postgres=> grant all on tmp to grupo;
> CHANGE
> create user joe in group grupo;
> CREATE USER
> postgres=> grant select on tmp to group grupo;
> ERROR: non-existent group "grupo"
Can someone tell us how "groups" work? I'm not finding enough clues just
by looking in the parser, and haven't stumbled across it in the docs...
Once a group is manually created with insert into pg_group values ...
it can be used by the create user, alter user and grant to group syntax.
A create group <groupname> is still missing in the grammar,
it would simply need to do the insert. Groups are very helpful with
many users that all need similar grants. You grant rights to the group
and then grant groups to users. The ANSI92 naming is "role",
if we enhance the group stuff maybe it would be good to convert to the
"role" naming of group code, althougth I like "group" more.
Andreas