inline..
On Thu, Feb 14, 2008 at 1:03 PM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
> "Greg Fausak" <lgfausak@xxxxxxxxx> writes:
> > Can I create a database with 1 million login roles and expect performance to
> > be good? 10 million?
>
> Probably not, as (to my knowledge) no one has ever done any performance
> testing in that domain. I doubt anyone's worked with more than a few
> thousand roles. I can definitely say that granting permissions on the
> same object to many thousands of roles separately would be a Bad Idea.
>
I'm definitely granting permissions to (group) roles, then the roles are
altered to add classes of users. For example, a 'enduser' role and 'admin' role
control the access privileges ia views, and the individual login roles
are granted
either 'enduser' or 'admin' (the group is altered to include the users).
So, your statement that granting permissions on the same object, does
that apply to roles themselves?
The bulk of my permissions boil down to granting a role to a role.
We have good performance now in the 20K user range. I was just curious what
would happen when this gets bumped up a couple orders.
-g
> Feel free to try it, but I'd *strongly* advise doing some performance
> testing before you commit to such a design. And think about how you can
> use groups to reduce redundancy in the permissions data.
>
> regards, tom lane
>
--
Greg Fausak
greg@xxxxxxxxxxxx
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org/
