Re: Role Inheritance Without Explicit Naming?

On 03/02/2014 08:48 PM, François Beausoleil wrote:
> Hi all,
>
> I have four roles involved:
>
> meetphil - the database owner, should not login
> mpwebui - the role the web application logs in as, should have very limited privileges, but should be able to SET
ROLEto a user that has the correct privileges, should login 
> mpusers - the main group for regular users, the group on which I'll grant default privileges, should not login
> francois - one of the roles that has the right to do stuff, should login
>
> I've gist'd everything here: https://gist.github.com/francois/9318054 (also appended at the end of this email).
>
> In a fresh cluster, I create my users:
>
> $ psql -U meetphil -d meetphil
> psql (9.1.5)
> Type "help" for help.
>
> meetphil=> \du
>                               List of roles
>   Role name |                   Attributes                   | Member of
> -----------+------------------------------------------------+-----------
>   colette   |                                                | {mpusers}
>   francois  |                                                | {mpusers}
>   meetphil  |                                                | {}
>   mpusers   | Cannot login                                   | {}
>   mpwebui   | No inheritance                                 | {mpusers}
>   postgres  | Superuser, Create role, Create DB, Replication | {}
>   rene      |                                                | {mpusers}
>


If I am following correctly what you want is something like this:


            ------   mpusers  < ----
            |                       |
      \|/                      |
         francois                 mpwebui


In other words access sibling roles through a parent role. Is this correct?


--
Adrian Klaver
adrian.klaver@aklaver.com