Thanks, TODO updated. We still support CREATE GROUP? It translates to
roles?
---------------------------------------------------------------------------
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Stupid question, but how do roles relate to our existing "groups"?
>
> As committed, roles subsume both users and groups: a role that permits
> login (rolcanlogin) acts as a user, and a role that has members is a
> group. It is possible for the same role to do both things, though I'm
> not sure that it's good security policy to set up a role that way.
>
> The advantage over what we had is exactly that there isn't any
> distinction, and thus groups can do everything users can and
> vice versa:
> * groups can own objects
> * groups can contain other groups (we forbid loops though)
>
> Also there is a notion of "admin option" for groups, which is like
> "grant option" for privileges: you can designate certain members of
> a group as being able to grant ownership in that group to others,
> without having to make them superusers.
>
> regards, tom lane
>
-- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610)
359-1001+ If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square,
Pennsylvania19073