On Fri, May 25, 2012 at 11:12 PM, Bruce Momjian wrote:
> On Fri, May 25, 2012 at 10:34:54PM -0400, Stephen Frost wrote:
>> * Robert Haas (robertmh...@gmail.com) wrote:
>> > On Thu, May 24, 2012 at 6:21 PM, Bruce Momjian wrote:
>> > > Yes, pre-1996. I think the fact that authentication/user names
On Sun, May 27, 2012 at 2:53 PM, Peter Eisentraut wrote:
> On tis, 2012-05-22 at 10:19 -0400, Robert Haas wrote:
>> I think we should have made roles and tablespaces database
>> objects rather than shared objects,
>
> User names are global objects in the SQL standard, which is part of the
> reason
On tis, 2012-05-22 at 10:19 -0400, Robert Haas wrote:
> I think we should have made roles and tablespaces database
> objects rather than shared objects,
User names are global objects in the SQL standard, which is part of the
reason that the current setup was never seriously challenged.
--
Sent
Stephen Frost writes:
> * Robert Haas (robertmh...@gmail.com) wrote:
>> Eh? Why would the presence of usernames in pg_hba.conf mean that they
>> have to be global objects?
> I havn't had a chance (yet) to look, but perhaps the current code
> attempts to validate the role before figuring out what
On Fri, May 25, 2012 at 10:34:54PM -0400, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
> > On Thu, May 24, 2012 at 6:21 PM, Bruce Momjian wrote:
> > > Yes, pre-1996. I think the fact that authentication/user names appear
> > > in pg_hba.conf really locked the user name idea
* Robert Haas (robertmh...@gmail.com) wrote:
> On Thu, May 24, 2012 at 6:21 PM, Bruce Momjian wrote:
> > Yes, pre-1996. I think the fact that authentication/user names appear
> > in pg_hba.conf really locked the user name idea into global objects, and
> > we have never really been able to make a
On Thu, May 24, 2012 at 6:21 PM, Bruce Momjian wrote:
> On Tue, May 22, 2012 at 10:19:12AM -0400, Robert Haas wrote:
>> In retrospect, I think the idea of shared catalogs was probably a bad
>> idea. I think we should have made roles and tablespaces database
>> objects rather than shared objects,
On Tue, May 22, 2012 at 10:19:12AM -0400, Robert Haas wrote:
> In retrospect, I think the idea of shared catalogs was probably a bad
> idea. I think we should have made roles and tablespaces database
> objects rather than shared objects, and come up with some ad-hoc
> method of representing the se
On May 22, 2012, at 12:18, Tom Lane wrote:
> Another objection is that it wouldn't scale up nicely to multiple levels
> of catalog hierarchy. But maybe local/global is enough.
That would be a huge improvement and this wouldn't get in the way of
any solution to the global oid conflict issue comin
On May23, 2012, at 00:21 , Josh Berkus wrote:
>> If you could help me work out the semantics and the high-level issues,
>> I'd love to spend time on this for 9.3...
>
> Syntax seems simple: CREATE LOCAL ROLE ...
>
> For that matter, let's keep other things simple:
>
> 1. local roles can inherit
On Tue, May 22, 2012 at 4:35 PM, Stephen Frost wrote:
> * Josh Berkus (j...@agliodbs.com) wrote:
>> The local role is preferred, the same way we allow objects in the local
>> schema to overshadow objects in the global schema.
>
> I would think we'd want the exact opposite. I don't want my global
> The issue with not allowing global spaces to overlap local ones is that
> we'd have to check every local list when creating a global account;
> that doesn't seem very easy to do. On the flip side, allowing
> duplicates between global and local would remove the need to check local
> lists when c
On May22, 2012, at 22:35 , Stephen Frost wrote:
> * Josh Berkus (j...@agliodbs.com) wrote:
>> The local role is preferred, the same way we allow objects in the local
>> schema to overshadow objects in the global schema.
>
> I would think we'd want the exact opposite. I don't want my global
> 'pos
* Josh Berkus (j...@agliodbs.com) wrote:
> The local role is preferred, the same way we allow objects in the local
> schema to overshadow objects in the global schema.
I would think we'd want the exact opposite. I don't want my global
'postgres' user to be overwritten by some local one that the a
Stephen,
> Which is "preferred"
> when you do a 'grant select' or 'grant role'?
The local role is preferred, the same way we allow objects in the local
schema to overshadow objects in the global schema.
> Or do we just disallow
> overlaps between per-DB roles and global roles? If we don't all
On May22, 2012, at 18:03 , Thom Brown wrote:
> On 22 May 2012 16:57, Florian Pflug wrote:
>> On May22, 2012, at 16:09 , Tom Lane wrote:
>>> Thom Brown writes:
Conflicts would occur where localrolename matches an existing local
role name within the same database, or a global role name, b
Thom Brown writes:
> On 22 May 2012 16:57, Florian Pflug wrote:
>> Maybe we could simply make all global role's OIDs even, and all local ones
>> odd, or something like that.
> Wouldn't that instantly make all previous versions of database
> clusters un-upgradable?
IIRC, pg_upgrade doesn't need
On 22 May 2012 16:57, Florian Pflug wrote:
> On May22, 2012, at 16:09 , Tom Lane wrote:
>> Thom Brown writes:
>>> Conflicts would occur where localrolename matches an existing local
>>> role name within the same database, or a global role name, but not a
>>> local role name within another databas
On May22, 2012, at 16:09 , Tom Lane wrote:
> Thom Brown writes:
>> Conflicts would occur where localrolename matches an existing local
>> role name within the same database, or a global role name, but not a
>> local role name within another database. The problem with this,
>> however, is that cre
* Thom Brown (t...@linux.com) wrote:
> Conflicts would occur where localrolename matches an existing local
> role name within the same database, or a global role name, but not a
> local role name within another database. The problem with this,
> however, is that creating global roles would need co
On Tue, May 22, 2012 at 9:37 AM, Thom Brown wrote:
> On 22 May 2012 14:04, Stephen Frost wrote:
>> What would the semantics of that look like though? Which is "preferred"
>> when you do a 'grant select' or 'grant role'? Or do we just disallow
>> overlaps between per-DB roles and global roles?
Thom Brown writes:
> Conflicts would occur where localrolename matches an existing local
> role name within the same database, or a global role name, but not a
> local role name within another database. The problem with this,
> however, is that creating global roles would need conflict checks
> a
On 22 May 2012 14:04, Stephen Frost wrote:
> What would the semantics of that look like though? Which is "preferred"
> when you do a 'grant select' or 'grant role'? Or do we just disallow
> overlaps between per-DB roles and global roles? If we don't allow
> duplicates, I suspect a lot of the o
23 matches
Mail list logo
