Re: roles question
| От | Stephen Frost |
|---|---|
| Тема | Re: roles question |
| Дата | |
| Msg-id | 20050709191308.GW24207@ns.snowman.net обсуждение исходный текст |
| Ответ на | roles question (Joe Conway <mail@joeconway.com>) |
| Ответы |
Re: roles question
|
| Список | pgsql-hackers |
* Joe Conway (mail@joeconway.com) wrote:
> After months of being unable to keep up with what's going on here, I'm
> trying to educate myself on some of the latest developments. I was
> playing with roles a bit, and I don't know if I'm doing something wrong,
> or if I found a hole:
Things have changed a bit (we're more closely following the SQL spec,
for one thing :).
> works fine:
> regression=# create role testrole2 with user testuser;
> CREATE ROLE
I don't think it's actually required (per spec) for us to allow this,
but we do because it makes some sense.
> doesn't work:
> regression=# alter role testrole with user testuser;
> ERROR: option "rolemembers" not recognized
To give 'testuser' the rights of 'testrole' you should do:
grant testrole to testuser;
> works fine:
> regression=# alter group testrole add user testuser;
> ALTER ROLE
This works for backwards compatibility, really, not because it's
something the 'ALTER ROLE' command is supposted to be able to do.
> doesn't work (no surprise, is a syntax error):
> regression=# alter role testrole add user testuser;
> ERROR: syntax error at or near "add" at character 21
> LINE 1: alter role testrole add user testuser;
I had made this work in my original patch (iirc) but I believe Tom
dropped it because you really should be using GRANT instead.
> It seems I can create a role with a user, and I can use ALTER GROUP
> syntax to add a user to a role, but I can't figure out how to add a user
> to a role using ALTER ROLE.
Using the 'grant role statement', per the SQL spec.
> Similarly, these might be just plain abuse of the new syntax, but appear
> to be allowed by gram.y:
>
> regression=# alter user testuser in role testrole;
> ERROR: option "addroleto" not recognized
> regression=# alter user testuser in group testrole;
> ERROR: option "addroleto" not recognized
This is because create role, alter role, alter user, etc, use the
same set of options (since there's a large overlap) in the syntax,
though some things don't make sense for some of those commands.
Thanks,
Stephen
В списке pgsql-hackers по дате отправления: