Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why did PostgreSQL merge users and groups into roles?

Tags:

From the PostgreSQL docs:

The concept of roles subsumes the concepts of "users" and "groups". In PostgreSQL versions before 8.1, users and groups were distinct kinds of entities, but now there are only roles. Any role can act as a user, a group, or both.

Why did they make this change in 8.1?

Perhaps it's easier from the C coders point of view, with a single Role class (struct)?

More details:

CREATE USER is equivalent to CREATE ROLE except that CREATE USER gives the LOGIN permission to the user/role.

(I'm about to design a permission system for my webapp, hence I'm interested in this.)

like image 394
KajMagnus Avatar asked Dec 13 '11 06:12

KajMagnus

People also ask

What is the difference between role and user in PostgreSQL?

Users, groups, and roles are the same thing in PostgreSQL, with the only difference being that users have permission to log in by default. The CREATE USER and CREATE GROUP statements are actually aliases for the CREATE ROLE statement.

Which default role is created automatically with PostgreSQL?

postgres is no default role. When you create the PostgreSQL database cluster with initdb , you can specify the name of the installation superuser with the -U option. If you omit that option, the name of the superuser will be the same as the name of the operating system user you are using.

What is Group role in PostgreSQL?

Introduction to PostgreSQL group roles Typically, you create a role that represents a group and then grants membership in the group role to individual roles. By convention, a group role does not have the LOGIN privilege. It means that you will not be able to use the group role to log in to PostgreSQL.

What are the default roles in PostgreSQL?

PostgreSQL provides a set of default roles which provide access to certain, commonly needed, privileged capabilities and information. Administrators can GRANT these roles to users and/or other roles in their environment, providing those users with access to the specified capabilities and information.

1 Answers

The merge has many advantages and no disadvantages. For instance, you can now seamlessly convert a "user" to a "group" and vice versa by adding / removing the LOGIN privilege.

ALTER ROLE myrole LOGIN; ALTER ROLE myrole NOLOGIN;

Or you can GRANT membership in any other login ("user") or non-login role ("group") to a role:

GRANT joe TO sue;

You can still:

CREATE USER james;

That's just a role with login privilege now. Or:

CREATE GROUP workers;

That's effectively the same as CREATE ROLE now.

The manual has it all.

like image 181
Erwin Brandstetter Avatar answered Oct 05 '22 17:10

Erwin Brandstetter
Sign in to Comment

Related questions

Why do we have to name interface method parameters?
How to delete SOLR indexed data by query with curl?
How to make a gui in python [closed]
How to extract data from matplotlib plot
Find absolute java.exe path programmatically from java code
My HTML5 Application Cache Manifest is caching everything
Slow down google panTo function
How much memory is used by a numpy ndarray?
Multiple class attributes in HTML
Can I deploy my ASP.NET MVC 4 application in .net 4
How to invoke the job in SQL Server agent from windows application
Reliable messaging under socket.io?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!