Dear Stephen,
> Attached please find files and patches associated with moving from the
> User/Group system currently in place to Roles, as discussed
> previously. The files are:
>
> pg_authid.h
> New system table, contains role information
> To be placed in src/include/catalog, replacing pg_shadow.h
>
> pg_auth_members.h
> New system table, contains role/membership information
> To be placed in src/include/catalog, replacing pg_group.h
I've looked very quickly at the patch. ISTM that the proposed patch is a
reworking of the user/group stuff, which are both unified for a new "role"
concept where a user is a kind of role and a role can be a member of
another role. Well, why not.
Some added files seems not to be provided in the patch :
sh> bzgrep pg_authid.h ./role_2005062701.ctx.patch.bz2
? src/include/catalog/pg_authid.h
! pg_namespace.h pg_conversion.h pg_database.h pg_authid.h pg_auth_members.h \
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
+ #include "catalog/pg_authid.h"
+ #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
! #include "catalog/pg_authid.h"
Or maybe I missed something, but I could not find the pg_authid file?
the '?' line in the diff seems to suggest an unexpected file.
Anyway, from what I can see in the patch it seems that the roles are per
cluster, and not per catalog. So this is not so conceptually different
from user/group as already provided in pg.
What would have been much more interesting for me would be a per catalog
role, so that rights could be administrated locally in each database. I'm
not sure how to provide such a feature, AFAICS the current version does
not give me new abilities wrt right management.
Have a nice day,
--
Fabien.