Re: db_user_namespace a "temporary measure" - Mailing list pgsql-hackers

From Tom Lane
Subject Re: db_user_namespace a "temporary measure"
Date
Msg-id 12100.1394635693@sss.pgh.pa.us
Whole thread Raw
In response to Re: db_user_namespace a "temporary measure"  (Jaime Casanova <jaime@2ndquadrant.com>)
List pgsql-hackers
Jaime Casanova <jaime@2ndquadrant.com> writes:
> On Tue, Mar 11, 2014 at 10:06 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> But not sure how to define a unique
>> index that allows (joe, db1) to coexist with (joe, db2) but not with
>> (joe, 0).

> and why you want that restriction?

So that if I say "GRANT SELECT ON mytable TO joe", it's unambiguous which
user I'm granting to.  There should be at most one "joe" that can access
any given database.

If we don't have such a restriction, we'll need syntax kluges in GRANT,
ALTER OWNER, and probably other commands to disambiguate whether a local
or global user is meant.  Right now with the db_user_namespace mechanism,
you have to say GRANT ... TO "joe@db1" if you were granting to a local
user in db1.  That's unambiguous all right, but it has little else to
recommend it.
        regards, tom lane



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: pgstat wait timeout (RE: contrib/cache_scan)
Next
From: Tom Lane
Date:
Subject: Re: db_user_namespace a "temporary measure"