On 10/23/10 11:01 AM, Craig Ringer wrote:
> Yep. As for not explicitly mentioning "lower" roles when granting a
> higher role (ie "admin" isn't also a "user") - role inheritance.
I knew about role inheritance, I just didn't know about the
pg_has_role() function for determining if a user has a role. That's
helpful, but I really don't want to be hitting the database with a
pg_has_role() call for every time I want to check if a user should have
access to a certain page or function in my application.
Normally, when the user logs in, I'd cache their user info, and any
roles they have, either directly or indirectly. But how can I do this
if I'm not directly making administrators members of the other groups
they inherit the rights of? In other words, is there a convenience
function or view I can use to get a list of all roles the user has
access to, both directly or indirectly?