Stephen Frost <[EMAIL PROTECTED]> writes:
> I've been thinking about the performance issues some and have to admit
> that I havn't really come to much of a solution. It seems to me that
> there's two ways to come at the issue:
> a) start from the user:
>...
> b) start from the ACL list:
>
Title: RE: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED
> a) start from the user:
> Search for useroid in pg_auth_members.member
> For each returned role, search for that role in member column
> Repeat until all roles the useroid is in have been fo
* Tom Lane ([EMAIL PROTECTED]) wrote:
> Stephen Frost <[EMAIL PROTECTED]> writes:
> > Ok. Can I get some help defining what the New Truth will look like
> > then? I understand users and groups pretty well but I'm not 100% sure
> > about roles.
>
> So I'm envisioning something like
[...]
> It mig
* Peter Eisentraut ([EMAIL PROTECTED]) wrote:
> If he has admin option on his own role, sure. But I suppose by default
> we wouldn't.
>
> One use case I see is if someone goes on vacation he can temporarily
> grant the privileges held by his user account to others without
> actually giving out
On Sun, Jan 23, 2005 at 15:14:04 -0500,
Tom Lane <[EMAIL PROTECTED]> wrote:
>
> It's not entirely clear to me whether the spec allows roles to be
> directly owners of objects, but I think we should allow it.
I aggree with this. This can simplify maintainance as members of a group
come and go.
Stephen Frost wrote:
> The other difference would seem to be that "user identifiers" can't
> be granted to users whereas "role identifiers" can be. Following
> this, "rolmembers" must be NULL if rolcanlogin is true, no? That
> breaks if roles can log in though. Or should we just allow granting
>
* Tom Lane ([EMAIL PROTECTED]) wrote:
> Stephen Frost <[EMAIL PROTECTED]> writes:
> > Ok. Can I get some help defining what the New Truth will look like
> > then? I understand users and groups pretty well but I'm not 100% sure
> > about roles.
>
> I looked through SQL99 a bit (see 4.31 "Basic se
* Alvaro Herrera ([EMAIL PROTECTED]) wrote:
> On Sun, Jan 23, 2005 at 03:14:04PM -0500, Tom Lane wrote:
> > Smaller patches are easier to review, for sure. Also, you'll need to
> > coordinate with Alvaro's work on dependencies for global objects.
>
> If you want, I can send you the current patch
Stephan,
On Sun, Jan 23, 2005 at 03:14:04PM -0500, Tom Lane wrote:
> Smaller patches are easier to review, for sure. Also, you'll need to
> coordinate with Alvaro's work on dependencies for global objects.
If you want, I can send you the current patch so you can see what has
changed in it, mayb
Stephen Frost <[EMAIL PROTECTED]> writes:
> Ok. Can I get some help defining what the New Truth will look like
> then? I understand users and groups pretty well but I'm not 100% sure
> about roles.
I looked through SQL99 a bit (see 4.31 "Basic security model") and think
I now have some handle on
* Tom Lane ([EMAIL PROTECTED]) wrote:
> Stephen Frost <[EMAIL PROTECTED]> writes:
> > Here's a proof-of-concept pretty much untested (it compiles) patch
> > against HEAD for review of the general approach I'm taking to
> > merging pg_shadow and pg_group. This is in order to support group
>
Euler Taveira de Oliveira <[EMAIL PROTECTED]> writes:
> What's Role? A set of relations with their respective privileges and
> a set of users and/or roles.
Huh? How did relations get into it?
> What do we do with 'groups'? Well, we can have three categories of
> object owners: users, groups and
Stephen Frost <[EMAIL PROTECTED]> writes:
> Here's a proof-of-concept pretty much untested (it compiles) patch
> against HEAD for review of the general approach I'm taking to
> merging pg_shadow and pg_group. This is in order to support group
> ownership and eventually roles. This patch
Hi Stephen,
> > I have to disagree with your model. Roles are not so simple like
> you
> > try to describe in your patch. I'm suposing this because your using
> > role* in all of the 'pg_shadow'.
>
> The particular name isn't really important- and don't take it to mean
> very much...
>
OK. So le
* Euler Taveira de Oliveira ([EMAIL PROTECTED]) wrote:
> > Here's a proof-of-concept pretty much untested (it compiles) patch
> > against HEAD for review of the general approach I'm taking to
> > merging pg_shadow and pg_group. This is in order to support group
> > ownership and eventual
Hi Stephen and Hackers,
Moved to -hackers.
> Here's a proof-of-concept pretty much untested (it compiles) patch
> against HEAD for review of the general approach I'm taking to
> merging pg_shadow and pg_group. This is in order to support group
> ownership and eventually roles.
I have
16 matches
Mail list logo