Dear PG developers,
beeing used to Oracle, I am a bit confused by PG's SQL support for user rights:
Rather than with "GRANT createdb TO user" user rights are set via "ALTER USER".
Why?
I see the following problems with the current implementation:
a) It is not flexible for future extensions: you always need *two*
keywords for the ALTER USER statement (CREATETABLE/NOCREATETABLE etc.)
The User rights are boolean flags in pg_user, this requires changes
in this table for every little new right (CONNECT, CREATEFUNCTION...).
b) (More important) It does not allow for roles with a user defined
right profile. Eg. it should be possible for database administrators
to define a custom group (eg. "developers") with specific rights:
CREATE GROUP developers;
GRANT CONNECT, CREATETABLE, CREATEFUNCTION to developers;
Or is there some way to accomplish this with the current implementation?
Christoph Dalitz