Re: Proposal: allow database-specific role memberships
| От | David G. Johnston |
|---|---|
| Тема | Re: Proposal: allow database-specific role memberships |
| Дата | |
| Msg-id | CAKFQuwaCeF-qZab5RVKQZMQT11gkATtwcjKWf-VYGdu6w5D9OA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Proposal: allow database-specific role memberships (Stephen Frost <sfrost@snowman.net>) |
| Ответы |
Re: Proposal: allow database-specific role memberships
|
| Список | pgsql-hackers |
On Monday, October 11, 2021, Stephen Frost <sfrost@snowman.net> wrote:
I don't think "just don't grant access to those other databases"
is actually a proper answer- there is certainly a use-case for "I want
user X to have read access to all tables in *this* database, and also
allow them to connect to some other database but not have that same
level of access there."
Sure, that has a benefit. But creating a second user for the other database and putting the onus on the user to use the correct credentials when logging into a particular database is a valid option - it is in fact the status quo. Due to the complexity of adding a whole new grant dimension to the system the status quo is an appealing option. Annoyance factor aside it technically solves the per-database permissions problem put forth.
David J.
В списке pgsql-hackers по дате отправления: