Re: Per database users/admins, handy for database virtual hosting...

> You can't think that allowing the same name to appear
> globally and locally is a good idea.

Actually, I do think it is a good idea.

> If I say "GRANT TO foo", who am
> I granting privileges to?

SET username_precedence TO LOCAL,GLOBAL;   -- I like GLOBAL more than 
CLUSTER
GRANT TO foo;
SET username_precedence TO GLOBAL,LOCAL;
GRANT TO foo;

> And I don't want to say that there is no
> difference because they are the same user.

Agreed, they should be the same user.

> That will open up some nasty
> security holes, eg, being able to pretend that you are the global
> postgres superuser if you can set the password for a local user by the
> same name.

Agreed, but if a cluster is using LOCAL USERs, I doubt highly that 
CLUSTER/GLOBAL users would be in use much beyond super users.  -sc

-- 
Sean Chittenden