AW: [HACKERS] Re: PostgreSQL reference manual - Mailing list pgsql-hackers

From Zeugswetter Andreas
Subject AW: [HACKERS] Re: PostgreSQL reference manual
Date
Msg-id 01BD5686.F0437100@pc9358.sd.spardat.at
Whole thread Raw
Responses Re: AW: [HACKERS] Re: PostgreSQL reference manual
List pgsql-hackers
> > > I have another question about GRANT/REVOKE:
> > >
> > >       grant <privilege[,privilege,...]>
> > >            on <rel1>[,...<reln>]
> > >            to [public | GROUP <group> | <username>]
> > >                         ^^^^^^^^^^^^^
> > > I don't know how to create a GROUP ?
> >
> > I believe that you use "CREATE USER groupname", and then can assign
> > privileges to that pseudo-user/group, and then add users to that
> > group. Have you tried that?
> postgres=> create user grupo;
> CREATE USER
> postgres=> grant all on tmp to grupo;
> CHANGE
> create user joe in group grupo;
> CREATE USER
> postgres=> grant select on tmp to group grupo;
> ERROR:  non-existent group "grupo"

Can someone tell us how "groups" work? I'm not finding enough clues just
by looking in the parser, and haven't stumbled across it in the docs...

Once a group is manually created with insert into pg_group values ...
it can be used by the create user, alter user and grant to group syntax.
A create group <groupname> is still missing in the grammar,
it would simply need to do the insert. Groups are very helpful with
many users that all need similar grants. You grant rights to the group
and then grant groups to users. The ANSI92 naming is "role",
if we enhance the group stuff maybe it would be good to convert to the
"role" naming of group code, althougth I like "group" more.

Andreas





pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] mega-patch--tcl/tk configuration
Next
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] PostgreSQL Reference Guide