Re: Proposed Patchs - Mailing list pgadmin-support
| From | Thomas Sondag |
|---|---|
| Subject | Re: Proposed Patchs |
| Date | |
| Msg-id | 2354aa530605290201s399d3555t4db5cd2c36c4d88f@mail.gmail.com Whole thread Raw |
| In response to | Re: Proposed Patchs ("Dave Page" <dpage@vale-housing.co.uk>) |
| List | pgadmin-support |
2006/5/24, Dave Page <dpage@vale-housing.co.uk>: > > > > -----Original Message----- > > From: pgadmin-support-owner@postgresql.org > > [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of > > Thomas Sondag > > Sent: 24 May 2006 17:28 > > To: pgadmin-support@postgresql.org > > Subject: [pgadmin-support] Proposed Patchs > > > > Hi, > > > > With PostgreSQL 8.1 and new ROLE object remplacing traditional > > USER/GROUP, I was a bit confuse using the dlgProperty and > > dlgSecurityProperty dialog because I can only select USER (ROLE with > > LOGIN privilege) for owner and GROUP (ROLE without LOGIN privilege) > > for privileges . > > And I not sure this comportment can match all PostgreSQL 8.1 usages > > scenarios (like one of my case). > > > > This proposed patch : > > - change owner and privilege list to get the full ROLE list. > > How is this different from the current behaviour if the Show Users for > Privileges option is turned on? The whole point there is to promote the > use of group based permissions rather than user based for both > simplicity (because the list only shows the groups), and for cleanliness > of design (users come and go, groups tend to be more permanent). In 8.1+ > of course, we simply replace users and groups with roles with or without > the login flag. > Hum, I miss this option ... sorry, but the main difference with the current behaviour is for object owning. The main idea was to set object owner to a group like that : database foo -> group foo schema bar -> group bar schema bar read user -> user toto I don't know if that's a good policy, but this case may exist, we may add an option like "Show Group for object owning" ? This is not the appropriate list to talk about that, but I'm realy interested in a good practice guide for privilege and owning management for PostgreSQL, like create an admin account without superuser right, use samerole in pg_hba.conf and so on ... > > - select by default currently connected ROLE in the owner list > > (replacing the blank filed) for new object creation > > OK. > The last bug I have is for database creation, I don't know how to get the current login. > > - remove pg_global in the available tablespace list > > Probably a good idea, yes. > > > - select current user default tablespace in tablespace list > > (replacing the blank filed, yes I don't like blank field) for new > > object creation > > OK. > > Regards, Dave. > > ---------------------------(end of broadcast)--------------------------- > TIP 3: Have you checked our extensive FAQ? > > http://www.postgresql.org/docs/faq > Thomas
pgadmin-support by date: