Tom Lane wrote:
> Richard Huxton <dev@archonet.com> writes:
>
>>Zlatko Matiæ wrote:
>>
>>>I was thinking about two possible scenarios: a) to allow regular users
>>>to create new users b) to restrict superuser's permissions
>>>
>>>What is possible and what do you suggest ?
>
>>Neither is possible directly. (B) means they're not a superuser and (A)
>>means they are.
>
> There has been some talk of separating the power to create new users
> from the power of being superuser (although presumably only a superuser
> should be allowed to create new superusers). If the planned pg_role
> rewrite gets submitted before the 8.1 feature freeze, I might look at
> adding that frammish into it.
Did I see talk of per-database users too? That would be a sensible
dividing-line I suppose - you could have complete control of "your"
database and who can access it without interfering with anyone else.
--
Richard Huxton
Archonet Ltd