* Bruce Momjian (pgman@candle.pha.pa.us) wrote: > Thanks, TODO updated. We still support CREATE GROUP? It translates to > roles?
Yes, CREATE USER too. Stephen > Tom Lane wrote: > > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > > Stupid question, but how do roles relate to our existing "groups"? > > > > As committed, roles subsume both users and groups: a role that permits > > login (rolcanlogin) acts as a user, and a role that has members is a > > group. It is possible for the same role to do both things, though I'm > > not sure that it's good security policy to set up a role that way. > > > > The advantage over what we had is exactly that there isn't any > > distinction, and thus groups can do everything users can and > > vice versa: > > * groups can own objects > > * groups can contain other groups (we forbid loops though) > > > > Also there is a notion of "admin option" for groups, which is like > > "grant option" for privileges: you can designate certain members of > > a group as being able to grant ownership in that group to others, > > without having to make them superusers. > > > > regards, tom lane > > > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 359-1001 > + If your life is a hard drive, | 13 Roberts Road > + Christ can be your backup. | Newtown Square, Pennsylvania 19073
signature.asc
Description: Digital signature