Re: Database Users Management and Privileges
От | Jean-Francois Leveque |
---|---|
Тема | Re: Database Users Management and Privileges |
Дата | |
Msg-id | 20010706161113.23869.qmail@webmails.com обсуждение исходный текст |
Ответ на | Database Users Management and Privileges ("Jean-Francois Leveque" <leveque@webmails.com>) |
Список | pgsql-hackers |
Gunnar R�nning wrote: > > * Peter Eisentraut <peter_e@gmx.net> wrote: > | > | Jean-Francois Leveque writes: > | > | > Comming from Oracle, I was disapointed that > | > the users were not "per individual database". > | > | > Is there any chance that this will change in > | > the future ? > | > | Most likely not. For one thing, it would be a problem to assign owners to > | databases. Why can't database owners be referenced in one table and database users (not owners) be referenced in another table with the corresponding database referenced ? They're not the same kind of users, are they ? Maybe I used Oracle too much in the past. > Why ? Better user management and policy delegations would be important > postgresql to succeed in enterprise environments. Maybe one should > start distinguishing logins from users like Sybase does. Logins are global > to all databases, and you can create a user for a given database and assign > it to a login. It would also be nice to be able to assign users to > groups(which in turn define access rights within the database). I created database user groups and I'm satisfied about users assignment to groups (See CREATE GROUP and ALTER GROUP). Regarding Privileges, I was thinking about the content of \z "Access permissions for database" results. We have a lot of "=arwR" for the object owner when we granted permissions to others. The owner obviously has all rights on his objects and I see no reason to revoke those rights. So, I think they don't have to be stored in access permissions if the PostgreSQL code can check if it's the owner asking. We wouldn't then need the '"="' anymore for not granting anything to PUBLIC. We then wouldn't need to have : "REVOKE ALL on <object> from PUBLIC;" "GRANT ALL on <object> to <owner>;" in pg_dump output. I'm not able to help on this because I'm no pgsql-hacker, but I think PostgreSQL will be better with such alteration. Maybe it's already on someone's list but I couldn't find information about such work in progress. Maybe those two changes are too much for 7.1.3, but I think they would be good candidates for 8.0 . Please tell me if I'm pushing too far, I'm not much used to this list etiquette. PostgreSQL is good, I just want it to be better. regards, Jean-Francois Leveque ______________________________________________________________________ Sur WebMailS.com, mon adresse de courrier �lectronique gratuite. Service multilingue, s�r, et permanent. http://www.webmails.com/
В списке pgsql-hackers по дате отправления: