On 3/3/15 5:22 PM, Stephen Frost wrote:
The problem with the role attribute approach is that they aren't inheirted the way GRANTs are, which means you can't have a "backup" role that is then granted out to users, you'd have to set a "BACKUP" role attribute for every role added.
Yeah, but you'd still have to grant "backup" to every role created anyway, right?
Or you could create a role that has the backup attribute and then grant that to users. Then they'd have to intentionally SET ROLE my_backup_role to elevate their privilege. That seems like a safer way to do things...
-- Jim Nasby, Data Architect, Blue Treble Consulting Data in Trouble? Get it in Treble! http://BlueTreble.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
