Skip site navigation (1) Skip section navigation (2)

Re: Streaming replication as a separate permissions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Florian Pflug <fgp(at)phlo(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Streaming replication as a separate permissions
Date: 2011-01-03 16:20:38
Message-ID: 20326.1294071638@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On the other hand, the REPLICATION privilege is denying you the right to
> perform an operation *even though you already are authenticated as a
> superuser*.  I don't think there's anywhere else in the system where
> we allow a privilege to non-super-users but deny that same privilege
> to super-users, and I don't think we should be starting now.

You might want to reflect on rolcatupdate a bit before asserting that
there are no cases where privileges are ever denied to superusers.

However, that precedent would suggest that the default should be to
grant the replication bit to superusers.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Robert HaasDate: 2011-01-03 16:21:15
Subject: Re: Re: new patch of MERGE (merge_204) & a question about duplicated ctid
Previous:From: Magnus HaganderDate: 2011-01-03 16:19:25
Subject: Re: Scanning pg_tablespace from walsender

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group