Dear Stephen,
> I'd really like to see role support added into 8.1.
I'm also pretty interested in this, and was planing loosely to think about
implementing roles someday. It is even better if it is done by someone
else;-)
> I've sent Alvaro and Tom versions of the patch in the past and I was
> planning on submitting it to -patches soon. There's a few remaining
> issue but I don't think they'll take very long to clean up; I've just
> been unfortunately pretty busy lately. I'm hopeful that I'll be able to
> spend some time on it this week and next week to hopefully address at
> least the remaining issues on my list.
I could not find this patch, although I wanted to have a look. After some
thinking on the subjet, ISTM that there are 4 key issues for roles to be
really interesting in postgresql, and I just wanted to state them:
(1) the role rights should *supercede* group/user rights. E.g. if an admin chose to act in the role
"readonly-client", then it should be restricted to what this role allows.
(2) roles should be per *catalog* (database), not per cluster (installation) as "user" and "group".
(3) role management should be a natural privilege of the database *owner*.
(4) user/group/role will make "permission denied" errors even harder to comprehend and solve as they are already, so
insteadof "permission denied on table foo", give a more precise form such as "permission denied on table foo,
cannotperform update in role bla".
Otherwise ISTM that role would not be an improvement over the current
"group" concept in postgresql.
Maybe it is already what was submitted, but as I could not check...
Thanks for working on this useful feature, have a nice day,
--
Fabien.
