* Tom Lane ([EMAIL PROTECTED]) wrote: > Stephen Frost <[EMAIL PROTECTED]> writes: > > That's controlled by pg_hba.conf though, isn't it? The idea being that > > you'd like to give some people the ability to create users/roles, but to > > limit the databases those created users/roles could connect to by, say, > > requiring they have 'usage' or 'connect' permissions to that database, > > which could be set by the database owner; without the database owner > > having write permissions to the pg_hba.conf. > > You can do that today by putting a group name in pg_hba.conf. Roles > will make it more flexible; I don't see that we need anything more. > > For instance, if pg_hba.conf says "samegroup" then you could manage > everything by associating a group with each database.
Ahh, ok, good point. Sorry, I'd forgotten about that flexibility of
pg_hba.conf. Well, hopefully this will make some ISPs happy then. :)
Thanks,
Stephen
signature.asc
Description: Digital signature
