Rob Sargent <robjsargent@gmail.com> writes:
>> On Sep 20, 2019, at 6:15 AM, Tim Clarke <tim.clarke@minerva.info> wrote:
> On 20/09/2019 12:50, David Gallagher wrote:
>>> ... would it make sense to have a user account on the database
>>> to mirror the user account from the web app? Is that an unusual practice?
>> Not at all, we're doing it
> But you likely want a many-to-one mapping of actual user to permission group
Yeah. You're likely to end up with a *lot* of user accounts in this
scenario. There is a restriction on how many distinct GRANTs you can
issue against any one object --- performance will get bad if the ACL
list gets too large. However, you can add lots of users to any group
role. So put the users into appropriate group(s) and issue database
permissions on the group level.
regards, tom lane