On 03/02/2014 08:48 PM, François Beausoleil wrote:
> Hi all,
>
> I have four roles involved:
>
> meetphil - the database owner, should not login
> mpwebui - the role the web application logs in as, should have very limited privileges, but should be able to SET
ROLEto a user that has the correct privileges, should login
> mpusers - the main group for regular users, the group on which I'll grant default privileges, should not login
> francois - one of the roles that has the right to do stuff, should login
>
> I've gist'd everything here: https://gist.github.com/francois/9318054 (also appended at the end of this email).
>
> In a fresh cluster, I create my users:
>
> $ psql -U meetphil -d meetphil
> psql (9.1.5)
> Type "help" for help.
>
> meetphil=> \du
> List of roles
> Role name | Attributes | Member of
> -----------+------------------------------------------------+-----------
> colette | | {mpusers}
> francois | | {mpusers}
> meetphil | | {}
> mpusers | Cannot login | {}
> mpwebui | No inheritance | {mpusers}
> postgres | Superuser, Create role, Create DB, Replication | {}
> rene | | {mpusers}
>
If I am following correctly what you want is something like this:
------ mpusers < ----
| |
\|/ |
francois mpwebui
In other words access sibling roles through a parent role. Is this correct?
--
Adrian Klaver
adrian.klaver@aklaver.com