> The issue with not allowing global spaces to overlap local ones is that
> we'd have to check every local list when creating a global account;
> that doesn't seem very easy to do. On the flip side, allowing
> duplicates between global and local would remove the need to check local
> lists when creating global accounts, but would add complexity and could
> lead to odd semantics when there is a duplicate.
On the other hand, keep in mind that creating a global account can be
slow. For anyone who has a huge multi-tenant setup with 200 database
each with their own local users, creating a new global account will be
an event which occurs once or twice a year. Just so that we don't pay
the same check cost for people who don't use local accounts.
> If you could help me work out the semantics and the high-level issues,
> I'd love to spend time on this for 9.3...
Syntax seems simple: CREATE LOCAL ROLE ...
For that matter, let's keep other things simple:
1. local roles can inherit only from other local roles
2. global roles can inherit only from other global roles
3. only a global role can be a database owner
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com