Re: Groups and roles
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Groups and roles |
| Дата | |
| Msg-id | Pine.LNX.4.44.0306101910170.2367-100000@peter.localdomain обсуждение исходный текст |
| Ответ на | Groups and roles (Peter Eisentraut <peter_e@gmx.net>) |
| Список | pgsql-hackers |
Hans-Jürgen Schönig writes: > Imagine having groups having rights on dozens of tables. If these groups > were assigned to a role it would be an easy task to block numerous > groups from executing SQL at once. Currently a user has all rights of > all groups he belongs to so it is damn hard to say that 1000 users > should not be allowed to do anything for a period of time (because of > maintenance or so). If all those users (but the superuser) had a certain > role, the role could be modified instead of those 1000 users/groups (eg. > REVOKE login, execute_sql FROM some_role). I think you can do that with groups: Create a number of groups, say users1, users2, etc., and then, at the predermined hour, you do: BEGIN; REVOKE privilege FROM users1; GRANT privilege TO users2; COMMIT; This might be helped if groups could contain other groups, so that "privilege" could be a group/role name, to ease administration, but that does not create any distinction between the concepts role and group. -- Peter Eisentraut peter_e@gmx.net
В списке pgsql-hackers по дате отправления: