Re: CREATE USER and pg_user
| От | Jim C. Nasby |
|---|---|
| Тема | Re: CREATE USER and pg_user |
| Дата | |
| Msg-id | 20050823192752.GO43820@pervasive.com обсуждение исходный текст |
| Ответ на | Re: CREATE USER and pg_user ("William ZHANG" <uniware@zedware.org>) |
| Список | pgsql-hackers |
On Tue, Aug 23, 2005 at 09:26:07AM +0800, William ZHANG wrote: > ""Jim Nasby"" <jnasby@pervasive.com> write > > Yes, but it doesn't really specify if you have to have a privilege in > > order to grant it, although reading one of the notes[1] tends to indicate > > that you must have a role in order to grant it. Unless I'm overlooking > > some part of the docs? > > I am confused by the combination of USER and ROLE in 8.1 at first glance. > In my memory, USER is a representation of somebody using the database, > just as USER in OS. USER can also always login into the system, except > the Admin prohibit it. ROLE is a collection of some priviledges. A USER > can act as multiple ROLEs, but in real life, it cannot act as multiple ROLEs > are the same time. That's why some system define that a USER can only > act as one ROLE at a moment, but she can change her ROLE with > "SET SESSION ROLE TO <anotherRole>". > > Maybe I will read more about SQL:2003, pgsql-8.1 doc and RBAC > (Role Based Access Control, > http://csrc.nist.gov/rbac/rbac-stds-roadmap.html) > to understand it correctly. You should take a look at http://lnk.nu/developer.postgresql.org/3mi.html, both 17.1 and 17.2. In particular: "CREATE USER is equivalent to CREATE ROLE except that CREATE USER assumes LOGIN by default, while CREATE ROLE does not." -- Jim C. Nasby, Sr. Engineering Consultant jnasby@pervasive.com Pervasive Software http://pervasive.com 512-569-9461
В списке pgsql-hackers по дате отправления: