Hey Tony, 2010/10/27 Tony Cebzanov <tony...@andrew.cmu.edu>
> On 10/23/10 11:01 AM, Craig Ringer wrote: > > Yep. As for not explicitly mentioning "lower" roles when granting a > > higher role (ie "admin" isn't also a "user") - role inheritance. > > I knew about role inheritance, I just didn't know about the > pg_has_role() function for determining if a user has a role. That's > helpful, but I really don't want to be hitting the database with a > pg_has_role() call for every time I want to check if a user should have > access to a certain page or function in my application. > Why not? Performance? It's just one function call. > > Normally, when the user logs in, I'd cache their user info, and any > roles they have, either directly or indirectly. But how can I do this > if I'm not directly making administrators members of the other groups > they inherit the rights of? In other words, is there a convenience > function or view I can use to get a list of all roles the user has > access to, both directly or indirectly? > Please, see http://www.postgresql.org/docs/9.0/static/infoschema-applicable-roles.html > > > -- > Sent via pgsql-general mailing list (pgsql-general@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > -- // Dmitriy.
