Postgres Pro
Downloads
Home   >   mailing lists

Re: Role Membership - Mailing list pgsql-general

From Adrian Klaver
Subject Re: Role Membership
Date
Msg-id 4D0F8F82.9060902@gmail.com
Whole thread Raw
In response to Re: Role Membership  (Carlos Mennens <carlos.mennens@gmail.com>)
List pgsql-general
Tree view 
On 12/20/2010 08:12 AM, Carlos Mennens wrote:
> On Mon, Dec 20, 2010 at 10:41 AM, Adrian Klaver<adrian.klaver@gmail.com>  wrote:
>> Roles = users/groups. In older versions there where users and groups, that has
>> been consolidated into the concept of a role. If it makes it easier I use the
>> concept of roles with login privileges as a users and roles without as groups.
>
> So I did a \dg&  a \du according to '\?'&  I can't see the difference
> between the two commands. One is listed as showing 'users' and the
> other for 'groups' but the output looks identical to me. Perhaps my
> database is not that robust yet.

There is no difference. Let me see if I can explain better. In older
versions of Postgres(cannot remember when the switch was made) there
where indeed USERS and GROUPS. They where distinct and different
commands where used to create and view them. At some point the functions
served by the them where all consolidated into the concept of a ROLE.
For backwards comparability the terms USER and GROUP are still with us,
as well as the creation and view commands. At this point though they
point to ROLES. ROLES have the attributes of both USERS and GROUPS and
this is where my suggestion above came from. When creating a ROLE with
login privileges it is useful to think of that as a USER. A ROLE you
create without login privileges can be thought of as a GROUP. These are
only mental shortcuts and are not reflected in the \d commands.

>
> So if I wanted to create a group / role for accounting, would I simply just do:
>
> CREATE ROLE accounting;

Yes

>
> My question is I can't find:
>
> 1. How to view all previously created roles on my database. '\dg'
> doesn't show me the new role I created above.

Did the command above return successfully?

> 2. How to see which 'users' are all members of 'accounting'? Would
> that be done simply with '\dg'?
>

Yes it would once you assign users to that ROLE.

To really understand you need to go over the SQL commands
CREATE ROLE
GRANT
and go through the below several times:
http://www.postgresql.org/docs/9.0/interactive/user-manag.html

I ended up setting up a test database and creating roles in it. I then
worked through a variety of scenarios to see how the ROLE mechanism
worked, especially the INHERIT attribute.

--
Adrian Klaver
adrian.klaver@gmail.com

pgsql-general by date:

Previous
From: Carlos Mennens
Date:
Subject: Re: Role Membership
Next
From: Merlin Moncure
Date:
Subject: Re: Postgres 9.0 Hiding CONTEXT string in Logs