On 3 November 2014 at 17:08, Stephen Frost <sfrost@snowman.net> wrote:
> role attributes don't act like
> GRANTs anyway (there's no ADMIN option and they aren't inheirited).
I'm happy with us *not* doing this using GRANTs, as long as we spend
some love on the docs to show there is a very clear distinction
between the two.
Users get confused between privs, role attributes and SETs that apply to roles.
Introducing the new word "capability" needs to also have some clarity.
Is that the same thing as "role attribute", or is that a 4th kind of
thang?
Make things make sense and they're easy to agree.
-- Simon Riggs http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, RemoteDBA, Training &
Services
