## Stephen Frost (sfr...@snowman.net): > We already have a reserved namespace when it comes to roles, > specifically "pg_".. why invent something new like this '&' prefix when > we could just declare that 'pg_superusers' is a role to which all > superusers are members? Or something along those lines?
Taking this idea one step further (back?): with any non-trivial number of (user-)roles in the database, DBAs would be well advised to use group(-role)s for privilege management anyways. It's not to unreasonable to grant SUPERUSER through a group, too. Although I'm not sure we'd need a new pg_superuser role here, we're not inventing a new set of object privileges as in e.g. pg_monitor; the DBA can just create their own superuser group. Is there really a need to add more features, or would it be sufficient to make the applications of group roles more prominent in the docs? (I've seen way too many cases in which people where granting privileges to individual users when they should have used groups, so I might be biased). Regards, Christoph -- Spare Space
