Thanks, TODO updated. We still support CREATE GROUP? It translates to roles?
--------------------------------------------------------------------------- Tom Lane wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > Stupid question, but how do roles relate to our existing "groups"? > > As committed, roles subsume both users and groups: a role that permits > login (rolcanlogin) acts as a user, and a role that has members is a > group. It is possible for the same role to do both things, though I'm > not sure that it's good security policy to set up a role that way. > > The advantage over what we had is exactly that there isn't any > distinction, and thus groups can do everything users can and > vice versa: > * groups can own objects > * groups can contain other groups (we forbid loops though) > > Also there is a notion of "admin option" for groups, which is like > "grant option" for privileges: you can designate certain members of > a group as being able to grant ownership in that group to others, > without having to make them superusers. > > regards, tom lane > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073 ---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives? http://archives.postgresql.org
