Re: Groups and roles

Peter Eisentraut <peter_e@gmx.net> writes:
> Another issue is that users and roles share a namespace.  We might have to
> deal with that sometime, but it's not a problem as far as the information
> schema is concerned.

I've been thinking for awhile that the ACL code would be simplified if
userids and groupids shared a numberspace, or whatever you want to call
it (ie, a given ID number cannot belong to both a user and a group).
I think that implementing that would require at least a partial merge
of pg_shadow and pg_group --- unless you want to get into implementing
cross-table unique indexes.

If we agreed that they share a namespace as well, the merge could be
taken further.  Perhaps more usefully, the GRANT/REVOKE syntax and the
display format for ACL lists could be simplified, since there'd be no
need for a syntactic marker as to whether a given name is a user or a
group.

Not sure how many people would complain if they couldn't have a user and
a group of the same name.
        regards, tom lane