Re: Recognizing superuser in pg_hba.conf - Mailing list pgsql-hackers

From Christoph Moench-Tegeder
Subject Re: Recognizing superuser in pg_hba.conf
Msg-id 20200102201932.GA2506@elch.exwg.net
In response to Re: Recognizing superuser in pg_hba.conf  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
## Stephen Frost (sfrost@snowman.net):

> We already have a reserved namespace when it comes to roles,
> specifically "pg_"..  why invent something new like this '&' prefix when
> we could just declare that 'pg_superusers' is a role to which all
> superusers are members?  Or something along those lines?

Taking this idea one step further (back?): with any non-trivial
number of (user-)roles in the database, DBAs would be well advised
to use group(-role)s for privilege management anyways. It's not
too unreasonable to grant SUPERUSER through a group, too. Although
I'm not sure we'd need a new pg_superuser role here, we're not
inventing a new set of object privileges as in e.g. pg_monitor;
the DBA can just create their own superuser group.
Is there really a need to add more features, or would it be sufficient
to make the applications of group roles more prominent in the docs?
(I've seen way too many cases in which people were granting privileges
to individual users when they should have used groups, so I might
be biased).

Regards,
Christoph

-- 
Spare Space
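
The group-role approach discussed in this message, sketched as an added example (not code from the thread or from the PostgreSQL project). The role names dba_admins, alice and bob are hypothetical, and the pg_hba.conf lines are shown as comments.

```sql
-- Constructed example; dba_admins, alice and bob are hypothetical role names.

-- A group role that cannot log in itself and carries the SUPERUSER attribute.
CREATE ROLE dba_admins NOLOGIN SUPERUSER;

-- Individual login roles get membership instead of their own SUPERUSER flag.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;
GRANT dba_admins TO alice, bob;

-- Role attributes such as SUPERUSER are not inherited through membership;
-- a member switches to the group role explicitly:
--   SET ROLE dba_admins;

-- pg_hba.conf can match the group with the "+" prefix in the USER column,
-- for example to allow its members over the local socket only:
--   # TYPE  DATABASE  USER         ADDRESS    METHOD
--   local   all       +dba_admins             peer
--   host    all       +dba_admins  0.0.0.0/0  reject
--   host    all       +dba_admins  ::/0       reject

-- Audit 1: every role that is a direct or indirect member of the group,
-- i.e. every role the "+dba_admins" lines above apply to.
WITH RECURSIVE members AS (
    SELECT m.member
    FROM pg_auth_members m
    JOIN pg_roles g ON g.oid = m.roleid
    WHERE g.rolname = 'dba_admins'
  UNION
    SELECT m.member
    FROM pg_auth_members m
    JOIN members p ON m.roleid = p.member
)
SELECT r.rolname, r.rolcanlogin, r.rolsuper
FROM members
JOIN pg_roles r ON r.oid = members.member
ORDER BY r.rolname;

-- Audit 2: login roles that hold SUPERUSER directly instead of through
-- the group; these are not covered by the "+dba_admins" lines.
SELECT rolname
FROM pg_roles
WHERE rolsuper AND rolcanlogin
ORDER BY rolname;
```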


