Re: [PATCHES] Users/Groups -> Roles

Thanks, TODO updated.  We still support CREATE GROUP?  It translates to
roles?

---------------------------------------------------------------------------

Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Stupid question, but how do roles relate to our existing "groups"?
> 
> As committed, roles subsume both users and groups: a role that permits
> login (rolcanlogin) acts as a user, and a role that has members is a
> group.  It is possible for the same role to do both things, though I'm
> not sure that it's good security policy to set up a role that way.
> 
> The advantage over what we had is exactly that there isn't any
> distinction, and thus groups can do everything users can and
> vice versa:
>     * groups can own objects
>     * groups can contain other groups (we forbid loops though)
> 
> Also there is a notion of "admin option" for groups, which is like
> "grant option" for privileges: you can designate certain members of
> a group as being able to grant ownership in that group to others,
> without having to make them superusers.
> 
>             regards, tom lane
> 

--  Bruce Momjian                        |  http://candle.pha.pa.us pgman@candle.pha.pa.us               |  (610)
359-1001+  If your life is a hard drive,     |  13 Roberts Road +  Christ can be your backup.        |  Newtown Square,
Pennsylvania19073