Re: Proposal: access control jails (and introduction as aspiring GSoC student)

On Tue, Mar 23, 2010 at 8:30 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> On Tue, Mar 23, 2010 at 8:16 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>>> My first thought about a catalog representation would be to add a column
>>> to pg_auth which is a DB OID for local users or zero for global users.
>>> However, you'd probably want to prevent local users and global users
>>> from having the same names, and it's not very clear how to do that
>>> with this representation (though that'd be even worse with separate
>>> catalogs).  I guess we could fall back on a creation-time check (ick).
>
>> Could we use a suitably defined exclusion constraint?
>
> Not unless you'd like to solve the issues with triggers on system
> catalogs first ...

Urp.  Not really, though I don't know what they are exactly.  I didn't
think exclusion constraints depended on triggers.  UNIQUE constraints
work on system catalogs, right?

...Robert