Обсуждение: Valid characters for user/role/group names?
In my continuing quest for multi-tenant ways I'm trying to come up with
a method to name roles, users, and groups that will not clash across the
cluster. The plans are to have one database per tenant and place
applications in different schema in those databases. This is working
fine so far but I'm now trying to come up with a naming scheme that will
allow a dba account for tenant_1, tenant_2, etc.
I found, several months ago, a posting about using the at "@" symbol
in a role name so there could be a dba@tenant_1, dba@tenant_2, etc. I
can't find the article again but I remember there was a reference to
possible issues with using the '@' and username entries in pg_hba.conf
If the '@' isn't a problem (other than possibly not being valid
according to the SQL standard I was going to use an '@tenant_1.txt'
entry in pg_hba.conf and place dba@tenant_1, bob@tenant_1,
sally@tenant_1 in it.
But according to
http://www.postgresql.org/docs/current/interactive/sql-syntax-lexical.html
"SQL identifiers and key words must begin with a letter (a-z, but also
letters with diacritical marks and non-Latin letters) or an underscore
(_). Subsequent characters in an identifier or key word can be letters,
underscores, digits (0-9), or dollar signs ($). Note that dollar signs
are not allowed in identifiers according to the letter of the SQL
standard, so their use might render applications less portable. ... "
I'm wondering what the reference to "non-Latin" letters means.
Anyone have a solution to this?
Thanks,
Rod
--
On Wed, Feb 25, 2009 at 08:50:15AM -0800, Roderick A. Anderson wrote: > http://www.postgresql.org/docs/current/interactive/sql-syntax-lexical.html > > "SQL identifiers and key words must begin with a letter (a-z, but also > letters with diacritical marks and non-Latin letters) or an underscore > (_). Subsequent characters in an identifier or key word can be letters, > underscores, digits (0-9), or dollar signs ($). Note that dollar signs > are not allowed in identifiers according to the letter of the SQL > standard, so their use might render applications less portable. ... " You'd want to put double quotes around the identifier. Try searching for "quoted identifier" in the above page. -- Sam http://samason.me.uk/
Sam Mason <sam@samason.me.uk> writes:
> You'd want to put double quotes around the identifier. Try searching
> for "quoted identifier" in the above page.
Note that the double quotes would be needed when referencing the role
identifier in SQL commands (eg CREATE ROLE). In other contexts, such
as pg_hba.conf or psql's command-line -U switch, the rules might well
be different; you might not need quotes, or you might need some other
kind of quoting. I'd suggest a bit of experimenting before you
settle on a grand plan.
regards, tom lane
Roderick A. Anderson wrote:
> In my continuing quest for multi-tenant ways I'm trying to come up with
> a method to name roles, users, and groups that will not clash across the
> cluster.
<snip />
While testing and researching I discovered prior work. I was using
different terminology.
http://wiki.postgresql.org/wiki/Shared_Database_Hosting
Well my need go a little deeper but they were touched on.
There is also the thread from last August.
http://archives.postgresql.org/pgsql-admin/2008-08/msg00049.php
My thanks to Sam Mason and Tom Lane for the ideas and suggestions. I'm
still working through where quoting is needed and not when using pgAdmin
III and psql.
Rod
--