Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-28 Thread Tom Lane
Stephen Frost <[EMAIL PROTECTED]> writes: > I've been thinking about the performance issues some and have to admit > that I haven't really come to much of a solution. It seems to me that > there's two ways to come at the issue: > a) start from the user: >... > b) start from the ACL list: >

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-28 Thread Bort, Paul
> a) start from the user: >    Search for useroid in pg_auth_members.member >    For each returned role, search for that role in member column >    Repeat until all roles the useroid is in have been fo

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-28 Thread Stephen Frost
* Tom Lane ([EMAIL PROTECTED]) wrote: > Stephen Frost <[EMAIL PROTECTED]> writes: > > Ok. Can I get some help defining what the New Truth will look like > > then? I understand users and groups pretty well but I'm not 100% sure > > about roles. > > So I'm envisioning something like [...] > It mig

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-25 Thread Stephen Frost
* Peter Eisentraut ([EMAIL PROTECTED]) wrote: > If he has admin option on his own role, sure. But I suppose by default > we wouldn't. > > One use case I see is if someone goes on vacation he can temporarily > grant the privileges held by his user account to others without > actually giving out

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-25 Thread Bruno Wolff III
On Sun, Jan 23, 2005 at 15:14:04 -0500, Tom Lane <[EMAIL PROTECTED]> wrote: > > It's not entirely clear to me whether the spec allows roles to be > directly owners of objects, but I think we should allow it. I agree with this. This can simplify maintenance as members of a group come and go.

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-24 Thread Peter Eisentraut
Stephen Frost wrote: > The other difference would seem to be that "user identifiers" can't > be granted to users whereas "role identifiers" can be. Following > this, "rolmembers" must be NULL if rolcanlogin is true, no? That > breaks if roles can log in though. Or should we just allow granting >

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-23 Thread Stephen Frost
* Tom Lane ([EMAIL PROTECTED]) wrote: > Stephen Frost <[EMAIL PROTECTED]> writes: > > Ok. Can I get some help defining what the New Truth will look like > > then? I understand users and groups pretty well but I'm not 100% sure > > about roles. > > I looked through SQL99 a bit (see 4.31 "Basic se

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-23 Thread Stephen Frost
* Alvaro Herrera ([EMAIL PROTECTED]) wrote: > On Sun, Jan 23, 2005 at 03:14:04PM -0500, Tom Lane wrote: > > Smaller patches are easier to review, for sure. Also, you'll need to > > coordinate with Alvaro's work on dependencies for global objects. > > If you want, I can send you the current patch

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-23 Thread Alvaro Herrera
Stephan, On Sun, Jan 23, 2005 at 03:14:04PM -0500, Tom Lane wrote: > Smaller patches are easier to review, for sure. Also, you'll need to > coordinate with Alvaro's work on dependencies for global objects. If you want, I can send you the current patch so you can see what has changed in it, mayb

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-23 Thread Tom Lane
Stephen Frost <[EMAIL PROTECTED]> writes: > Ok. Can I get some help defining what the New Truth will look like > then? I understand users and groups pretty well but I'm not 100% sure > about roles. I looked through SQL99 a bit (see 4.31 "Basic security model") and think I now have some handle on

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-23 Thread Stephen Frost
* Tom Lane ([EMAIL PROTECTED]) wrote: > Stephen Frost <[EMAIL PROTECTED]> writes: > > Here's a proof-of-concept pretty much untested (it compiles) patch > > against HEAD for review of the general approach I'm taking to > > merging pg_shadow and pg_group. This is in order to support group >

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-22 Thread Tom Lane
Euler Taveira de Oliveira <[EMAIL PROTECTED]> writes: > What's Role? A set of relations with their respective privileges and > a set of users and/or roles. Huh? How did relations get into it? > What do we do with 'groups'? Well, we can have three categories of > object owners: users, groups and

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-22 Thread Tom Lane
Stephen Frost <[EMAIL PROTECTED]> writes: > Here's a proof-of-concept pretty much untested (it compiles) patch > against HEAD for review of the general approach I'm taking to > merging pg_shadow and pg_group. This is in order to support group > ownership and eventually roles. This patch

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-22 Thread Euler Taveira de Oliveira
Hi Stephen, > > I have to disagree with your model. Roles are not so simple like > you > > try to describe in your patch. I'm supposing this because you're using > > role* in all of the 'pg_shadow'. > > The particular name isn't really important- and don't take it to mean > very much... > OK. So le

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-22 Thread Stephen Frost
* Euler Taveira de Oliveira ([EMAIL PROTECTED]) wrote: > > Here's a proof-of-concept pretty much untested (it compiles) patch > > against HEAD for review of the general approach I'm taking to > > merging pg_shadow and pg_group. This is in order to support group > > ownership and eventual

Re: [HACKERS] [PATCHES] Merge pg_shadow && pg_group -- UNTESTED

2005-01-22 Thread Euler Taveira de Oliveira
Hi Stephen and Hackers, Moved to -hackers. > Here's a proof-of-concept pretty much untested (it compiles) patch > against HEAD for review of the general approach I'm taking to > merging pg_shadow and pg_group. This is in order to support group > ownership and eventually roles. I have