Re: CUG - Mailing list pgsql-novice

From Nabil Sayegh
Subject Re: CUG
Date
Msg-id 3A7C73F0.4BB0ACA5@sayegh.de
Whole thread Raw
In response to Re: CUG  (Francisco Reyes <fran@reyes.somos.net>)
Responses Re: CUG
PGSQL Hosting providers?
List pgsql-novice
Francisco Reyes wrote:
> I see no problems with that.
> There are several not too difficult ways to implement this, but you need
> to give us more details. I personally don't see the benefit AT ALL on
> using recursion. If someone needs access to different things which
> different groups have access to, then you add that person to the different
> groups which have ther proper rights.

If e.g. I want to restrict access to pictures to groups:

pics:
id    | group
-------------
1     | guest
2     | guest
3     | guest
4     | family
5     | friend
6     | friend
7     | family
8     | colleague
9     | guest

groups:
id       | parent_id
--------------------
guest    | NULL
friend   | guest
family   | friend
colleague| guest

assigned_groups:
user_id  | group_id
---------------------
Stefan   | colleague
Stefan   | friend
Patrick  | friend
1        | guest
2        | guest
3        | guest
Peter    | family

> Perhaps I don't know enough about what you are trying to do, but recursion
> does not sound like the right thing to use.

It's clear that everybody has the permissions that guests have.
Members of family shall also(automatically) have the permissions
that friends have ...
I want the same group management like under unix.

> > Q: Should I use the built in user/group features ? (If not: What are
> > they there for?)
> To determine who has rights and what type of rights to particular tables.

Okay, then I have to implement it in the app.

> Don't really see why you would need tree structures for an access policy
> type of databases.
> Right now I can not think of many instances where recursion can make your
> life easier in databases.

How shall I know that family may see 'guest-pictures' ?

Without groups in groups its easy to SELECT the pictures somebody has
access to,
but with ?
It isn't convenient having to put every user to all groups he has access
to.
What if later I want to give all colleagues the rights that my
friends have (stupid example, I know ...)

> Again if you give us more info about your goals we may be able to provide
> with better feedback.

thx

--
 Nabil Sayegh
 GPG-Key available at http://www.sayegh.de
 (see http://www.gnupg.org for details)

pgsql-novice by date:

Previous
From: Francisco Reyes
Date:
Subject: RE: RE: Sizing of LARGE databases.
Next
From: Francisco Reyes
Date:
Subject: Re: CUG