Postgres Pro
Downloads
Home   >   mailing lists

Re: User Quota Implementation - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: User Quota Implementation
Date
Msg-id 20050613201708.GH30011@ns.snowman.net
Whole thread Raw
In response to Re: User Quota Implementation  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
Tree view 
* Josh Berkus (josh@agliodbs.com) wrote:
> Yeah, the problem is that with the upcoming "group ownership" I see
> user-based quotas as being rather difficult to implement unambiguously.

I'm not sure it'd be terribly different with roles than with
user/groups.  A role gets a quota, anything which that role is the owner
of counts towards that quota.  The only possibly annoying part about
this is that there isn't a direct way (yet) to create an object owned by
someone other than yourself.

An example:

Role john isn't really supposted to use up much disk space.
Role admin can use up lots of disk space.
Role john is a member of role admin.

In order to use up much disk space, john needs to, say, create a table
and then change ownership to admin before populating that table.  An
interesting idea would be to allow for a session variable which the user
could set to a particular role (which that user is a member of) and have
that role then own any objects created.  In that instance it's possible
john's quota could be 0.

I'm not entirely sure if that's something CURRENT_USER/SESSION_USER/etc
could be correctly used for.

> Even more so when we get "local users" in the future.   So I'd only want
> to do it if there was a real-world use case that tablespace quotas
> wouldn't satisfy.

Local users actually makes me think the per-user quota would make *more*
sense, following along your example below...

> For the basic ISP space, tablespace quotas seem a lot more apt for that
> case.  You give each user a database, and put it in its own tablespace and
> don't give them permissions to change it.  That way you could have user
> e-mail, web, and database in the same directory tree for easy
> backup/transfer.  It also means that you can use filesystem controls to
> double-check the tablespace maximums.

In the basic ISP scenario, you give each customer a database, in its own
tablespace, with quotas on that tablespace.  With local roles that
customer may then have multiple users and want to establish different
quotas for them.

Just some thoughts.
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: "Marc G. Fournier"
Date:
Subject: REINDEX SYSTEM tables ... index disappearing ... ?
Next
From: Andrew - Supernews
Date:
Subject: Re: REINDEX SYSTEM tables ... index disappearing ... ?