Re: GRANT role_name TO role_name ON database_name

* Clark C. Evans (cce@clarkevans.com) wrote:
> Yes, if we had per-database roles, it would work.  However, I don't
> think it's necessary.  We've already got role permissions specific to
>  a database; so we're most of the way there.

PG has two sets of catalogs, per-databases ones and 'shared' ones.
There are role permissions in both (pg_database being one of the more
obvious 'shared' cases).

> The main piece missing
> is a way for me to assign a role to a user, but only for a specific
>  database.   Let me rephrase this, using a different syntax...

I'm pretty sure that I understand what you're getting at here, but I
think the direction we'd really like to go in is to have per-database
roles.  There are a lot of additional advantages that would provide
along with covering your use-case.  Inventing new syntax and having to
add new catalog tables without actually getting the per-DB role system
that has long been asked for seems like the wrong approach to me.
Thanks,
    Stephen