Re: Database Users Management and Privileges

* Peter Eisentraut <peter_e@gmx.net> wrote:

| > Better user management and policy delegations would be important
| > postgresql to succeed in enterprise environments.
| 
| Keeping compatibility is also important.

Well nobody said you can't get both ;-)

| > to all databases, and you can create a user for a given database and assign
| > it to a login.
| 
| That doesn't strike me as terribly better.  Operating system
| administrators tend to unify user management across the whole network.
| You're essentially suggesting making separate users per file system.
| Ugh.

Well, it is important for some networks to have the ability to create users 
local to a subset of the network. Let the sub networks manage themselves. 
Matter of policy of course.

| > It would also be nice to be able to assign users to
| > groups(which in turn define access rights within the database).
| 
| That would indeed be nice.  That's why we have already implemented it.

Oops, sorry. RTFM.... But the set of permissions you can assign to a group is
fairly limited. E.g. I can't see that you are able to grant a user/group 
create/drop table permissions for a database. Does that mean any user can 
create/drop tables ? I think this is an example of a permission a DBA would 
like to grant to users per database. 

createuser/createdb are rights assigned to a user directly. Wouldn't it make 
sense to be able to assign these rights to a group of users ?

regards, 
       Gunnar

-- 
Gunnar Rønning - gunnar@polygnosis.com
Senior Consultant, Polygnosis AS, http://www.polygnosis.com/