
Roles are for services, not for users. If you have a read-only web API then it makes sense to use a read-only role regardless of which user is using it.



Everything in PostgreSQL is a role.

It's just named such that when a ROLE allows `login` it's considered a user.


Someone was feeling very clever when they came up with this idea.


It makes a lot of sense, especially since in the SQL standard, you can grant privileges to "users" or "roles."

Might as well simplify the mental model and make them the same.


This is part of what many people find so confusing. In most systems “role” is a group (or something closely resembling a group), not a user. The weird terminology confuses beginners.


It's a bit confusing and legacy.

All roles function like you would expect groups to function.

A role that is not allowed to login is a `group`.

While the CREATE USER and CREATE GROUP commands still exist, they are simply aliases for CREATE ROLE.


To me, the comment you are replying to is saying that you should DIFFERENTIATE roles by service, not ‘end user’.
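
Added example, not part of any comment in the thread: the read-only-role-per-service setup discussed above, with a NOLOGIN role acting as the group and a LOGIN role for the service. The names `app`, `orders`, `app_readonly` and `web_api` are hypothetical, and the whole script runs in a transaction that is rolled back.

```sql
-- Added example; app, orders, app_readonly and web_api are hypothetical names.
BEGIN;

-- Constructed sample schema and table so the script is self-contained.
CREATE SCHEMA app;
CREATE TABLE app.orders (id bigint PRIMARY KEY, total numeric NOT NULL);

-- A role without LOGIN behaves like a group: it only carries privileges.
CREATE ROLE app_readonly NOLOGIN;
GRANT USAGE ON SCHEMA app TO app_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA app TO app_readonly;

-- Extend the grant to tables created later in this schema.
-- Without FOR ROLE this only covers objects created by the role running it.
ALTER DEFAULT PRIVILEGES IN SCHEMA app
    GRANT SELECT ON TABLES TO app_readonly;

-- A role with LOGIN is what gets called a user. One per service, and its
-- privileges come only from membership in the group role.
-- Authentication (password, certificate, pg_hba.conf) is configured separately.
CREATE ROLE web_api LOGIN IN ROLE app_readonly;

-- Both are rows in the same catalog; compare the rolcanlogin column.
SELECT rolname, rolcanlogin
FROM pg_roles
WHERE rolname IN ('app_readonly', 'web_api')
ORDER BY rolname;

-- Effective privileges of the service role, inherited through membership.
SELECT has_table_privilege('web_api', 'app.orders', 'SELECT') AS can_read,
       has_table_privilege('web_api', 'app.orders', 'INSERT') AS can_write;

ROLLBACK;
```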



