Re: Open 7.3 items

On Wed, 14 Aug 2002, Tom Lane wrote:

> Lamar Owen <lamar.owen@wgcr.org> writes:
> > Appending '@template1' to unadorned usernames, and giving inherited rights
> > across the installation to users with template1 rights?  Then you have the
> > unadorned 'lowen' becomes 'lowen@template1' -- but lowen@pari wouldn't have
> > access to template1, right?
>
> If not, standard things like "psql -l" won't work for lowen@pari.  I don't
> think we can get away with a scheme that depends on disallowing access
> to template1 for most people.
>
> It should also be noted that the whole point of this little project was
> to do something *simple* ... checking access to some other database to
> decide what we will allow is getting a bit far afield from simple.

Hate to complicate things more, but back to a global username, say
you have user "lowen" that should have access to all databases.  What
happens if there's already a lowen@somedb that's an unprivileged user.
Assuming lowen is a db superuser, what happens in somedb?  If there's
a global user "lowen" and you try to create a lowen@somedb later, will
it be allowed?

One possible simplification would be to make the username the full
username "lowen@somedb", "lowen", ...  Right now we can create a
"lowen@somedb" and it's a different user than "lowen" and we can
already restrict a user to one database, can't we?  Hmmm.  Just
checked and I guess not - I thought we had a record type of "user".

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH    email: vev@michvhf.com    http://www.pop4.net        56K Nationwide Dialup from $16.00/mo
atPop4 Networking     http://www.camping-usa.com      http://www.cloudninegifts.com  http://www.meanstreamradio.com
 http://www.unknown-artists.com
 
==========================================================================