Re: Proposal: allow database-specific role memberships - Mailing list pgsql-hackers

From David G. Johnston
Subject Re: Proposal: allow database-specific role memberships
Date
Msg-id CAKFQuwaCeF-qZab5RVKQZMQT11gkATtwcjKWf-VYGdu6w5D9OA@mail.gmail.com
In response to Re: Proposal: allow database-specific role memberships  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Proposal: allow database-specific role memberships  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
On Monday, October 11, 2021, Stephen Frost <sfrost@snowman.net> wrote:

> I don't think "just don't grant access to those other databases"
> is actually a proper answer- there is certainly a use-case for "I want
> user X to have read access to all tables in *this* database, and also
> allow them to connect to some other database but not have that same
> level of access there."

Sure, that has a benefit. But creating a second user for the other database and putting the onus on the user to use the correct credentials when logging into a particular database is a valid option - it is in fact the status quo. Due to the complexity of adding a whole new grant dimension to the system, the status quo is an appealing option. Annoyance factor aside, it technically solves the per-database permissions problem put forth.

David J.
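
The two-role status quo described in the reply above, as an added psql example that is not part of the original message. It assumes PostgreSQL 14 or later (for the predefined role `pg_read_all_data`); the databases `app_db` and `other_db`, the roles `alice_app` and `alice_other`, and the `reporting.summary` table are constructed names.

```sql
-- Added example with constructed names; run in psql as a superuser.
-- Role memberships are cluster-wide, so the broad read grant is placed on a
-- role that is only allowed to connect to app_db.

-- One login role per database for the same person. Authentication
-- (passwords, pg_hba.conf entries) is configured separately.
CREATE ROLE alice_app   LOGIN;
CREATE ROLE alice_other LOGIN;

-- CONNECT is granted to PUBLIC by default. Remove it so that the explicit
-- per-role grants below are what decide who can reach each database.
REVOKE CONNECT ON DATABASE app_db   FROM PUBLIC;
REVOKE CONNECT ON DATABASE other_db FROM PUBLIC;

GRANT CONNECT ON DATABASE app_db   TO alice_app;
GRANT CONNECT ON DATABASE other_db TO alice_other;

-- Read access to all tables, effective only where alice_app can connect.
GRANT pg_read_all_data TO alice_app;

-- In other_db the second role gets narrow, explicit object grants.
\c other_db
GRANT USAGE  ON SCHEMA reporting        TO alice_other;
GRANT SELECT ON reporting.summary       TO alice_other;

-- Check: each role should reach exactly one database, and only alice_app
-- should be a member of pg_read_all_data.
SELECT r.rolname,
       d.datname,
       has_database_privilege(r.rolname, d.datname, 'CONNECT') AS can_connect,
       pg_has_role(r.rolname, 'pg_read_all_data', 'MEMBER')    AS reads_all
FROM   pg_roles r
CROSS  JOIN pg_database d
WHERE  r.rolname IN ('alice_app', 'alice_other')
AND    d.datname IN ('app_db', 'other_db')
ORDER  BY r.rolname, d.datname;
```

The check matters because a role that keeps `CONNECT` on a second database through `PUBLIC` or another membership would carry `pg_read_all_data` into that database as well.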
