Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why did PostgreSQL merge users and groups into roles?

Tags:

From the PostgreSQL docs:

The concept of roles subsumes the concepts of "users" and "groups". In PostgreSQL versions before 8.1, users and groups were distinct kinds of entities, but now there are only roles. Any role can act as a user, a group, or both.

Why did they make this change in 8.1?

Perhaps it's easier from the C coders point of view, with a single Role class (struct)?

More details:

CREATE USER is equivalent to CREATE ROLE except that CREATE USER gives the LOGIN permission to the user/role.

(I'm about to design a permission system for my webapp, hence I'm interested in this.)

like image 394
KajMagnus Avatar asked Dec 13 '11 06:12

KajMagnus


People also ask

What is the difference between role and user in PostgreSQL?

Users, groups, and roles are the same thing in PostgreSQL, with the only difference being that users have permission to log in by default. The CREATE USER and CREATE GROUP statements are actually aliases for the CREATE ROLE statement.

Which default role is created automatically with PostgreSQL?

postgres is no default role. When you create the PostgreSQL database cluster with initdb , you can specify the name of the installation superuser with the -U option. If you omit that option, the name of the superuser will be the same as the name of the operating system user you are using.

What is Group role in PostgreSQL?

Introduction to PostgreSQL group roles Typically, you create a role that represents a group and then grants membership in the group role to individual roles. By convention, a group role does not have the LOGIN privilege. It means that you will not be able to use the group role to log in to PostgreSQL.

What are the default roles in PostgreSQL?

PostgreSQL provides a set of default roles which provide access to certain, commonly needed, privileged capabilities and information. Administrators can GRANT these roles to users and/or other roles in their environment, providing those users with access to the specified capabilities and information.


1 Answers

The merge has many advantages and no disadvantages. For instance, you can now seamlessly convert a "user" to a "group" and vice versa by adding / removing the LOGIN privilege.

ALTER ROLE myrole LOGIN; ALTER ROLE myrole NOLOGIN; 

Or you can GRANT membership in any other login ("user") or non-login role ("group") to a role:

GRANT joe TO sue; 

You can still:

CREATE USER james; 

That's just a role with login privilege now. Or:

CREATE GROUP workers; 

That's effectively the same as CREATE ROLE now.

The manual has it all.

like image 181
Erwin Brandstetter Avatar answered Oct 05 '22 17:10

Erwin Brandstetter