You can't think that allowing the same name to appear globally and locally is a good idea.
Actually, I do think it is a good idea.
If I say "GRANT TO foo", who am I granting privileges to?
SET username_precedence TO LOCAL,GLOBAL; -- I like GLOBAL more than CLUSTER
GRANT TO foo;
SET username_precedence TO GLOBAL,LOCAL;
GRANT TO foo;
And I don't want to say that there is no difference because they are the same user.
Agreed, they should be the same user.
That will open up some nasty security holes, eg, being able to pretend that you are the global postgres superuser if you can set the password for a local user by the same name.
Agreed, but if a cluster is using LOCAL USERs, I doubt highly that CLUSTER/GLOBAL users would be in use much beyond super users. -sc
-- Sean Chittenden
---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
