Sitting on my todo list for a while has been to consider the idea of
adding a bit of additional functionality to createuser.
One of the functions of CREATE ROLE is to associate the role with
other roles, thus...
create role my_new_user nosuperuser nocreatedb login IN ROLE app_readonly_role, app2_writer_role;
That isn't something that I can do using createuser; to do that, I
would need to submit two requests separately:
PGUSER=postgres createuser -D -S -l my_new_user PGUSER=postgres psql -c "grant app_readonly_role, app2_writer_role
to my_new_user;"
I could certainly change over to using psql to do all the work, but it
would be rather nice if createuser had (say) a "-g" option which
allowed specifying the set of roles that should be assigned.
Thus, the above commands might be replaced by: PGUSER=postgres createuser -D -S -l -g
app_readonly_role,app2_writer_role my_new_user
Would this be worth adding to the ToDo list?
--
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
