Home > mailing lists

Re: [PATCHES] Users/Groups -> Roles - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [PATCHES] Users/Groups -> Roles
Date	June 30, 2005 15:48:17
Msg-id	19492.1120146487@sss.pgh.pa.us Whole thread Raw
In response to	Re: [PATCHES] Users/Groups -> Roles (Stephen Frost <sfrost@snowman.net>)
Responses	Re: [PATCHES] Users/Groups -> Roles
List	pgsql-hackers

Tree view

Stephen Frost <sfrost@snowman.net> writes:
> That's controlled by pg_hba.conf though, isn't it?  The idea being that
> you'd like to give some people the ability to create users/roles, but to
> limit the databases those created users/roles could connect to by, say,
> requiring they have 'usage' or 'connect' permissions to that database,
> which could be set by the database owner; without the database owner
> having write permissions to the pg_hba.conf.

You can do that today by putting a group name in pg_hba.conf.  Roles
will make it more flexible; I don't see that we need anything more.

For instance, if pg_hba.conf says "samegroup" then you could manage
everything by associating a group with each database.
        regards, tom lane

pgsql-hackers by date:

From: Stephen Frost
Date: 30 June 2005, 15:44:49
Subject: Re: [PATCHES] Users/Groups -> Roles

From: Stephen Frost
Date: 30 June 2005, 15:50:28
Subject: Re: [PATCHES] Users/Groups -> Roles

Re: [PATCHES] Users/Groups -> Roles - Mailing list pgsql-hackers

Previous

Next