Re: Groups and roles - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Groups and roles
Date
Msg-id Pine.LNX.4.44.0306181732270.2501-100000@peter.localdomain
Whole thread Raw
In response to Re: Groups and roles  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Groups and roles
List pgsql-hackers
Tom Lane writes:

> Hm.  That seems to be another reason to unify usesysid and grosysid into
> a single unique something-id.  Which probably implies unifying pg_shadow
> and pg_group into one table.

Maybe this is too radical, but why not merge "user" and "group" into one
animal?  Both exist to bear privileges.  The only difference is that
groups can contain other bearers of privileges, but then a user is just a
special case with zero members.  Once you allow groups to have the
possibilities that users currently have (createdb privilege, object
ownership), there is no difference left.  Of course, one such "animal"
would be the session user and interact with pg_hba.conf, but that is just
an ID, which may as well be a group.

-- 
Peter Eisentraut   peter_e@gmx.net



pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: Groups and roles
Next
From: "Andrew Dunstan"
Date:
Subject: Re: information Windows - PostgreSQL