* Simon Riggs (simon@2ndQuadrant.com) wrote:
> * Ability to have a Role that can only access one Database
Alright, I'd like to think about this one specifically and solicit
feedback on the idea that we keep the existing shared role tables but
add on additional tables for per-database roles.
In the past, I feel like we've been focused on the idea of moving all
roles to be per-database instead of per-cluster, which certainly has a
lot of problems associated with it, but in the end, I think people would
be really happy with some shared roles and some per-DB roles.
What would the semantics of that look like though? Which is "preferred"
when you do a 'grant select' or 'grant role'? Or do we just disallow
overlaps between per-DB roles and global roles? If we don't allow
duplicates, I suspect a lot of the other questions suddenly become a lot
easier to deal with, but would that be too much of a restriction? How
would you handle migrating an existing global role to a per-database
role?
Thanks,
Stephen