Re: Per-Database Roles
| От | Josh Berkus |
|---|---|
| Тема | Re: Per-Database Roles |
| Дата | |
| Msg-id | 4FBC1180.60608@agliodbs.com обсуждение исходный текст |
| Ответ на | Re: Per-Database Roles (Stephen Frost <sfrost@snowman.net>) |
| Ответы |
Re: Per-Database Roles
|
| Список | pgsql-hackers |
> The issue with not allowing global spaces to overlap local ones is that > we'd have to check every local list when creating a global account; > that doesn't seem very easy to do. On the flip side, allowing > duplicates between global and local would remove the need to check local > lists when creating global accounts, but would add complexity and could > lead to odd semantics when there is a duplicate. On the other hand, keep in mind that creating a global account can be slow. For anyone who has a huge multi-tenant setup with 200 database each with their own local users, creating a new global account will be an event which occurs once or twice a year. Just so that we don't pay the same check cost for people who don't use local accounts. > If you could help me work out the semantics and the high-level issues, > I'd love to spend time on this for 9.3... Syntax seems simple: CREATE LOCAL ROLE ... For that matter, let's keep other things simple: 1. local roles can inherit only from other local roles 2. global roles can inherit only from other global roles 3. only a global role can be a database owner -- Josh Berkus PostgreSQL Experts Inc. http://pgexperts.com
В списке pgsql-hackers по дате отправления: