On 08/22/2018 12:54 PM, Ravi Krishna wrote: >> >> How is that different from giving your grants to a database role and >> just telling the new user the name and password of that role to connect as? > > Well here I have to do some work, with the groups approach, it is outsourced to devops. Secondly when you take into account AD, the user does not have to remember his password for db login. It is same as AD. So it seems to me that the feature may be worth adding is to fetch the password, *as well as "ldapsearchattribute"* from LDAP: https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-LDAP You should be able to get the role name from AD already, but the password they still have to remember. Although I still don't see this really working for anything more complicated than one database and no user in more than one group. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu
Attachment:
signature.asc
Description: OpenPGP digital signature
