Thread: Roles as objects in Postgres's security system
Hi! My English is bad, so in short - why Postgres (and surprisingly other's, like Oracle) lacks something like this: 1. What roles who can create or delete (insteed solid CREATEROLE privilege) GRANT { { CREATE | DROP } [,...] | ALL [ PRIVILEGES ] } ON { {ROLE rolename [, ...]} | ANY ROLE} TO { rolename } [, ...] [ WITH ADMIN OPTION ] 2. What in what roles who can alter GRANT ALTER { LOGIN | PASSWORD | INHERIT | RENAME | VALID | SET | и т.д. } ON ROLE rolename [, ...] TO { rolename } [, ...] [ WITH ADMIN OPTION ] 3. What roles who can grant to whom GRANT GRANT {ANY | rolename [, ...]} } ON ROLE rolename [, ...] TO { rolename } [, ...] [ WITH GRANT OPTION ] Any Help Will Be appreciated!
sftf wrote: > Hi! > My English is bad, so in short - why Postgres (and surprisingly > other's, like Oracle) lacks something like this: If it's missing, it's because it's not implemented. This may be because nobody has yet come to it, or because it has been decided that it will not be implemented for whatever reason. If the syntax you propose is part of the SQL standard, feel free to propose it. If it's not, you need to present a solid case for it to be implemented. If you propose it and there are no objections, it doesn't mean it will be implemented right away; it'll happen much sooner if you send a patch. -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support