Thread: Roles as objects in Postgres's security system

Roles as objects in Postgres's security system

From: sftf
Date:
Hi!
My English is bad, so in short - why does Postgres (and, surprisingly, others like Oracle) lack something like this:

1. Who can create or delete which roles (instead of the solid CREATEROLE privilege)
GRANT { { CREATE | DROP }
    [,...] | ALL [ PRIVILEGES ] }
    ON { {ROLE rolename [, ...]} | ANY ROLE}
    TO { rolename } [, ...] [ WITH ADMIN OPTION ]

2. Who can alter what in which roles
GRANT ALTER { LOGIN | PASSWORD | INHERIT | RENAME | VALID | SET | etc. }
    ON ROLE rolename [, ...]
    TO { rolename } [, ...] [ WITH ADMIN OPTION ]

3. Who can grant which roles to whom
GRANT GRANT { ANY | rolename [, ...] }
    ON ROLE rolename [, ...]
    TO { rolename } [, ...] [ WITH GRANT OPTION ]

Any help will be appreciated!


Re: Roles as objects in Postgres's security system

From: Alvaro Herrera
Date:
sftf wrote:
> Hi!
> My English is bad, so in short - why does Postgres (and, surprisingly,
> others like Oracle) lack something like this:

If it's missing, it's because it's not implemented.  This may be because
nobody has yet come to it, or because it has been decided that it will
not be implemented for whatever reason.

If the syntax you propose is part of the SQL standard, feel free to
propose it.  If it's not, you need to present a solid case for it to be
implemented.

If you propose it and there are no objections, it doesn't mean it will
be implemented right away; it'll happen much sooner if you send a patch.

--
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support