> -----Original Message-----
> From: pgadmin-support-owner@postgresql.org
> [mailtogadmin-support-owner@postgresql.org] On Behalf Of
> Thomas Sondag
> Sent: 24 May 2006 17:28
> To: pgadmin-support@postgresql.org
> Subject: [pgadmin-support] Proposed Patchs
>
> Hi,
>
> With PostgreSQL 8.1 and new ROLE object remplacing traditional
> USER/GROUP, I was a bit confuse using the dlgProperty and
> dlgSecurityProperty dialog because I can only select USER (ROLE with
> LOGIN privilege) for owner and GROUP (ROLE without LOGIN privilege)
> for privileges .
> And I not sure this comportment can match all PostgreSQL 8.1 usages
> scenarios (like one of my case).
>
> This proposed patch :
> - change owner and privilege list to get the full ROLE list.

How is this different from the current behaviour if the Show Users for
Privileges option is turned on? The whole point there is to promote the
use of group based permissions rather than user based for both
simplicity (because the list only shows the groups), and for cleanliness
of design (users come and go, groups tend to be more permanent). In 8.1+
of course, we simply replace users and groups with roles with or without
the login flag.

> - select by default currently connected ROLE in the owner list
> (replacing the blank filed) for new object creation

OK.

> - remove pg_global in the available tablespace list

Probably a good idea, yes.

> - select current user default tablespace in tablespace list
> (replacing the blank filed, yes I don't like blank field) for new
> object creation

OK.

Regards, Dave.

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq

2006/5/24, Dave Page <dpage@vale-housing.co.uk>:
>
>
> > -----Original Message-----
> > From: pgadmin-support-owner@postgresql.org
> > [mailtogadmin-support-owner@postgresql.org] On Behalf Of
> > Thomas Sondag
> > Sent: 24 May 2006 17:28
> > To: pgadmin-support@postgresql.org
> > Subject: [pgadmin-support] Proposed Patchs
> >
> > Hi,
> >
> > With PostgreSQL 8.1 and new ROLE object remplacing traditional
> > USER/GROUP, I was a bit confuse using the dlgProperty and
> > dlgSecurityProperty dialog because I can only select USER (ROLE with
> > LOGIN privilege) for owner and GROUP (ROLE without LOGIN privilege)
> > for privileges .
> > And I not sure this comportment can match all PostgreSQL 8.1 usages
> > scenarios (like one of my case).
> >
> > This proposed patch :
> > - change owner and privilege list to get the full ROLE list.
>
> How is this different from the current behaviour if the Show Users for
> Privileges option is turned on? The whole point there is to promote the
> use of group based permissions rather than user based for both
> simplicity (because the list only shows the groups), and for cleanliness
> of design (users come and go, groups tend to be more permanent). In 8.1+
> of course, we simply replace users and groups with roles with or without
> the login flag.
>
Hum, I miss this option ... sorry, but the main difference with the
current behaviour is for object owning. The main idea was to set
object owner to a group like that :
database foo -> group foo
schema bar -> group bar
schema bar read user -> user toto

I don't know if that's a good policy, but this case may exist, we may
add an option like "Show Group for object owning" ?

This is not the appropriate list to talk about that, but I'm realy
interested in a good practice guide for privilege and owning
management for PostgreSQL, like create an admin account without
superuser right, use samerole in pg_hba.conf and so on ...

> > - select by default currently connected ROLE in the owner list
> > (replacing the blank filed) for new object creation
>
> OK.
>
The last bug I have is for database creation, I don't know how to get
the current login.

> > - remove pg_global in the available tablespace list
>
> Probably a good idea, yes.
>
> > - select current user default tablespace in tablespace list
> > (replacing the blank filed, yes I don't like blank field) for new
> > object creation
>
> OK.
>
> Regards, Dave.
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
>
Thomas

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

http://archives.postgresql.org