On Friday 26 March 2004 15:09, Tom Lane wrote: > Sean Chittenden <[EMAIL PROTECTED]> writes: > > > > Agreed, but if a cluster is using LOCAL USERs, I doubt highly that > > CLUSTER/GLOBAL users would be in use much beyond super users. -sc > > Exactly my point. I think that it might be possible for a > locally-privileged DBA to give himself superuser privileges by skating > on this confusion between who is whom. Once he creates a local user > with the same name as the global superuser, the door is open to problems > --- not only possible bugs in our own code, but plain old human error on > the part of the real superuser.
Maybe it's me being slow, but are we not being over-complicated here? What's wrong with saying "database D1 looks up users in local table, D2 in the global table". If you are connected to D1, then no-one can see the global userlist. The global user "richard" cannot log into D1, and the local user "richard" can log only into D1. > In short, I say it's a bad idea with no redeeming social value. I can't > see any positive use-case for having local usernames that conflict with > global ones. In a shared-hosting situation, I can see "local super-users" both wanting to create users called (e.g.) "plone". -- Richard Huxton Archonet Ltd ---------------------------(end of broadcast)--------------------------- TIP 9: the planner will ignore your desire to choose an index scan if your joining column's datatypes do not match