On 03/02/2014 08:48 PM, François Beausoleil wrote:
Hi all,
I have four roles involved:
meetphil - the database owner, should not login
mpwebui - the role the web application logs in as, should have very limited privileges, but should be able to SET ROLE to a user that has the correct privileges, should login
mpusers - the main group for regular users, the group on which I'll grant default privileges, should not login
francois - one of the roles that has the right to do stuff, should login
I've gist'd everything here: https://gist.github.com/francois/9318054 (also appended at the end of this email).
In a fresh cluster, I create my users:
$ psql -U meetphil -d meetphil
psql (9.1.5)
Type "help" for help.
meetphil=> \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
colette | | {mpusers}
francois | | {mpusers}
meetphil | | {}
mpusers | Cannot login | {}
mpwebui | No inheritance | {mpusers}
postgres | Superuser, Create role, Create DB, Replication | {}
rene | | {mpusers}
If I am following correctly what you want is something like this:
------ mpusers < ----
| |
\|/ |
francois mpwebui
In other words access sibling roles through a parent role. Is this correct?
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
