> The SQL idea of role is substantially braindead. A more useful model

is

> the ability to for a user with a role to grant that role, with

optional

> grant rights, to another user. An even more useful model is allow a
> user to change his roles within a session. An still more useful role
> is to let a user activate or deactivate any roles from his set of
> available roles.

An even better model is one where I don't have to do anything!

> For example, you, Sean, have the roles of Firebird admin, developer

list

> curmudgeon, and boss of Nickolay. You can switch among those roles

But I don't need to 'switch' between those roles! I am those things.

What I am doing determines the role and I am fulfilling. I don't have
to switch, I just do my job -- I can be both a curmudgeon and Nickolay's
boss at the same time! It don't need to switch between the two.

> On a good day, you can probably do things that requires the union
> of privileges from all three.

But what I can do, it always based on the union of all my privileges.


Sean