Re: Advice needed on application/database authentication/authorization/auditing model - Mailing list pgsql-general

From Dmitriy Igrishin
Subject Re: Advice needed on application/database authentication/authorization/auditing model
Date
Msg-id AANLkTik6hGquMvXiONzzpOweR7NcWJ-3P_AknSBb_mju@mail.gmail.com
In response to Re: Advice needed on application/database authentication/authorization/auditing model  (Tony Cebzanov <tonyceb@andrew.cmu.edu>)
Responses Re: Advice needed on application/database authentication/authorization/auditing model
List pgsql-general
Hey Tony,

2010/10/27 Tony Cebzanov <tonyceb@andrew.cmu.edu>
> On 10/23/10 11:01 AM, Craig Ringer wrote:
> > Yep. As for not explicitly mentioning "lower" roles when granting a
> > higher role (ie "admin" isn't also a "user") - role inheritance.
>
> I knew about role inheritance, I just didn't know about the
> pg_has_role() function for determining if a user has a role.  That's
> helpful, but I really don't want to be hitting the database with a
> pg_has_role() call for every time I want to check if a user should have
> access to a certain page or function in my application.

Why not? Performance? It's just one function call.

> Normally, when the user logs in, I'd cache their user info, and any
> roles they have, either directly or indirectly.  But how can I do this
> if I'm not directly making administrators members of the other groups
> they inherit the rights of?  In other words, is there a convenience
> function or view I can use to get a list of all roles the user has
> access to, both directly or indirectly?





--
// Dmitriy.
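
The two checks discussed in this message, as an added example that is not part of the original thread: a per-request pg_has_role() test, and a single login-time query that lists every role a user holds directly or through inheritance. The role names app_user, app_admin and alice are constructed for illustration.

```sql
-- Added example; role names are constructed, not taken from the thread.
-- Run as a role allowed to create roles. The transaction is rolled back,
-- so nothing is left behind.
BEGIN;

CREATE ROLE app_user  NOLOGIN;
CREATE ROLE app_admin NOLOGIN;
CREATE ROLE alice     LOGIN INHERIT;

GRANT app_user  TO app_admin;  -- "admin" inherits what "user" can do
GRANT app_admin TO alice;      -- alice is granted only the higher role

-- Per-request check: one function call, true through inheritance even
-- though alice was never granted app_user directly.
SELECT pg_has_role('alice', 'app_user', 'MEMBER') AS alice_is_user;

-- Login-time query, variant 1: let pg_has_role() do the walk.
-- Returns alice, app_admin and app_user.
SELECT r.rolname
FROM pg_roles r
WHERE pg_has_role('alice', r.oid, 'MEMBER')
ORDER BY r.rolname;

-- Login-time query, variant 2: walk pg_auth_members explicitly, keeping
-- the distance from the login role (0 = the role itself, 1 = direct grant).
WITH RECURSIVE memberships AS (
    SELECT r.oid, r.rolname, 0 AS depth
    FROM pg_roles r
    WHERE r.rolname = 'alice'
  UNION ALL
    SELECT g.oid, g.rolname, m.depth + 1
    FROM memberships m
    JOIN pg_auth_members am ON am.member = m.oid
    JOIN pg_roles g         ON g.oid = am.roleid
)
SELECT rolname, min(depth) AS depth
FROM memberships
GROUP BY rolname
ORDER BY depth, rolname;

ROLLBACK;
```

A role list cached at login goes stale if a role is granted or revoked during the session, so a live pg_has_role() call remains the authoritative check before a sensitive operation.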

