seancolsen
commented
1 month ago Thanks for this, @danielrosehill. And I hope this is actually not your "final" feature request 🙂. Please keep these ideas coming — they're very helpful!
Coincidentally we're currently hard at work in redesigning Mathesar's permission system to be much more closely aligned with the functionality natively available in PostgreSQL.
I'll let @pavish say more about this since he's basically spearheading the effort.
For now I'm categorizing this beta milestone since it sounds like we're likely to be heading in a direction that will satisfy these requirements of yours.
I've added the needs: clarification label because my hope is that @danielrosehill and @pavish will discuss this to the point where our rough plan for the new permissions system will be clear and agreeable to @danielrosehill. Assuming we get to that point with this discussion, I would be inclined to potentially close this issue because that permissions work is tracked elsewhere (though not strictly in issues since it's such a large project). Alternatively if our plans seem to fall short of addressing @danielrosehill's needs, then we could leave this issue open and transform it into more specific requirements to potentially be addressed later.
pavish
Final feature request:
From a usability standpoint, it would be really helpful if admins were able to do any of the following (in order of increasing utility):
1 - Limit users to an individual database (but inherit all permissions within that DB)
2: Limit users to particular schema(s) within one or more databases
3: Inherit role permissions from the databases themselves and map those onto corresponding usernames thereby creating users in Mathesar whose database permissions corresponded to the permissions they hold on the database(s) themselves