Re: Additional role attributes && superuser review

On 30/04/15 12:20, Alvaro Herrera wrote:
> Robert Haas wrote:
>
>> I think that if you commit this the way you have it today, everybody
>> will go, oh, look, Stephen committed something, but it looks
>> complicated, I won't pay attention.
> Yeah, that sucks.
>
>> Finally, you've got the idea of making pg_ a reserved prefix for
>> roles, adding some predefined roles, and giving them some predefined
>> privileges.  That should be yet another patch.
> On this part I have a bit of a problem -- the prefix is not really
> reserved, is it.  I mean, evidently it's still possible to create roles
> with the pg_ prefix ... otherwise, how come the new lines to
> system_views.sql that create the "predefined" roles work in the first
> place?  I think if we're going to reserve role names, we should reserve
> them for real: CREATE ROLE should flat out reject creation of such
> roles, and the default ones should be created during bootstrap.
>
> IMO anyway.
>
What if I had a company with several subsidiaries using the same 
database, and want to prefix roles and other things with the 
subsidiary's initials? (I am not saying this would be a good 
architecture!!!)

For example if one subsidiary was called 'Perfect Gentleman', so I would 
want roles prefixed by 'pg_' and would be annoyed if I couldn't!


Cheers,
Gavin