* Peter Eisentraut <peter_e@gmx.net> wrote:
| > Better user management and policy delegations would be important
| > postgresql to succeed in enterprise environments.
|
| Keeping compatibility is also important.
Well nobody said you can't get both ;-)
| > to all databases, and you can create a user for a given database and assign
| > it to a login.
|
| That doesn't strike me as terribly better. Operating system
| administrators tend to unify user management across the whole network.
| You're essentially suggesting making separate users per file system.
| Ugh.
Well, it is important for some networks to have the ability to create users
local to a subset of the network. Let the sub networks manage themselves.
Matter of policy of course.
| > It would also be nice to be able to assign users to
| > groups(which in turn define access rights within the database).
|
| That would indeed be nice. That's why we have already implemented it.
Oops, sorry. RTFM.... But the set of permissions you can assign to a group is
fairly limited. E.g. I can't see that you are able to grant a user/group
create/drop table permissions for a database. Does that mean any user can
create/drop tables ? I think this is an example of a permission a DBA would
like to grant to users per database.
createuser/createdb are rights assigned to a user directly. Wouldn't it make
sense to be able to assign these rights to a group of users ?
regards,
Gunnar
--
Gunnar Rønning - gunnar@polygnosis.com
Senior Consultant, Polygnosis AS, http://www.polygnosis.com/