* Clark C. Evans (cce@clarkevans.com) wrote:
> Yes, if we had per-database roles, it would work. However, I don't
> think it's necessary. We've already got role permissions specific to
> a database; so we're most of the way there.
PG has two sets of catalogs, per-databases ones and 'shared' ones.
There are role permissions in both (pg_database being one of the more
obvious 'shared' cases).
> The main piece missing
> is a way for me to assign a role to a user, but only for a specific
> database. Let me rephrase this, using a different syntax...
I'm pretty sure that I understand what you're getting at here, but I
think the direction we'd really like to go in is to have per-database
roles. There are a lot of additional advantages that would provide
along with covering your use-case. Inventing new syntax and having to
add new catalog tables without actually getting the per-DB role system
that has long been asked for seems like the wrong approach to me.
Thanks,
Stephen