* Simon Riggs (si...@2ndquadrant.com) wrote: > On 3 November 2014 at 17:08, Stephen Frost <sfr...@snowman.net> wrote: > > role attributes don't act like > > GRANTs anyway (there's no ADMIN option and they aren't inheirited). > > I'm happy with us *not* doing this using GRANTs, as long as we spend > some love on the docs to show there is a very clear distinction > between the two.
The distinction already exists. I agree that the documentation should be improved to clarify how GRANT'd privileges are different from role attributes (which is what our existing superuser, createrole, etc options are). > Users get confused between privs, role attributes and SETs that apply to > roles. Agreed. > Introducing the new word "capability" needs to also have some clarity. > Is that the same thing as "role attribute", or is that a 4th kind of > thang? At present, it's exactly the same as 'role attribute' and, for my part at least, I was thinking it would remain the same. I believe the idea was to migrate the terminology from 'role attribute' to 'capability' as the latter better represents both the existing options and the new ones. Thanks! Stephen
Description: Digital signature