On Tue, Jan 11, 2022 at 12:47 PM Wolfgang Walther <walt...@technowledgy.de>
wrote:
> Dominique Devienne:
> > I wish for DB-specific ROLEs BTW...
>
> Same here. That would be so useful.
>
In fact, in my case, I also want something even narrower than that,
which are SCHEMA specific ROLEs. ROLEs tied to a given schema,
implicitly DROP'ed when their "owner" SCHEMA is DROP'ed , and which
can only take GRANTs/privileges on objects from it owner schema.
I'm not saying CLUSTER-wide ROLEs are not useful. They are, mostly for
LOGIN USERs IMHO.
But for NOLOGIN ROLEs used to group permissions, often in a single DB, or
even a single SCHEMA like in my case,
the fact ROLEs are CLUSTER-wide is problematic for the naming. FWIW. --DD
PS: I've read the note that DB-specific ROLEs kinda exists, but since the
doc explicitly mentions to avoid them,
I don't use them. And in case, as I wrote above, SCHEMA-correlated
ROLEs is what I really would like to use.
