> You can't think that allowing the same name to appear
> globally and locally is a good idea.
Actually, I do think it is a good idea.
> If I say "GRANT TO foo", who am
> I granting privileges to?
SET username_precedence TO LOCAL,GLOBAL; -- I like GLOBAL more than CLUSTER
GRANT TO foo;
SET username_precedence TO GLOBAL,LOCAL;
GRANT TO foo;
> And I don't want to say that there is no
> difference because they are the same user.
Agreed, they should be the same user.
> That will open up some nasty
> security holes, eg, being able to pretend that you are the global
> postgres superuser if you can set the password for a local user by the
> same name.
Agreed, but if a cluster is using LOCAL USERs, I doubt highly that
CLUSTER/GLOBAL users would be in use much beyond superusers. -sc
--
Sean Chittenden