From:
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:
Robert Haas <robertmhaas(at)gmail(dot)com>
Cc:
Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>,
Stephen Frost <sfrost(at)snowman(dot)net>, Florian Pflug <fgp(at)phlo(dot)org>,
PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:
Re: Streaming replication as a separate permissions
Date:
2011-01-03 16:20:38
Message-ID:
20326.1294071638@sss.pgh.pa.us (view raw or flat )
Thread:
2010-12-23 09:53:10 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 15:15:21 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 15:49:45 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 15:54:41 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 15:57:23 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 19:59:02 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 20:34:33 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 20:35:15 from Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
2010-12-24 02:37:30 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-24 03:16:18 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-24 03:36:51 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-24 04:00:14 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-24 04:31:38 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-24 04:46:30 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-27 09:53:22 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 11:15:11 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 11:42:19 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-27 15:33:53 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 15:40:10 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 21:04:22 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 21:42:09 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 21:53:35 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-28 12:05:36 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 10:09:06 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 14:05:02 from Gurjeet Singh <singh(dot)gurjeet(at)gmail(dot)com>
2010-12-29 14:40:34 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 19:12:21 from Alvaro Herrera <alvherre(at)commandprompt(dot)com>
2010-12-30 11:57:09 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-30 13:59:41 from Alvaro Herrera <alvherre(at)commandprompt(dot)com>
2010-12-30 15:53:24 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-30 14:54:31 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-31 14:38:29 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-03 11:00:24 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-03 15:59:54 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-03 16:20:38 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2011-01-03 16:23:29 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-03 22:50:35 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-05 03:24:20 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-05 13:24:45 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-05 14:05:33 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-06 04:59:00 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2011-01-06 04:55:11 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-24 11:34:52 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-23 22:11:08 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:21:53 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 22:24:33 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:29:13 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-30 14:54:28 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-30 15:08:09 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 22:33:42 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:38:11 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:44:02 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 22:49:14 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:57:25 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 22:45:19 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:59:28 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-24 00:08:38 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-24 00:11:31 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 19:57:08 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 20:31:01 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 08:32:21 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 09:36:28 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 09:52:57 from Dave Page <dpage(at)pgadmin(dot)org>
2010-12-27 10:34:55 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 11:00:30 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 13:25:29 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 13:41:27 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 13:51:50 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 13:54:07 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 15:45:39 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 15:55:11 from Magnus Hagander <magnus(at)hagander(dot)net>
Lists:
pgsql-hackers
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On the other hand, the REPLICATION privilege is denying you the right to
> perform an operation *even though you already are authenticated as a
> superuser*. I don't think there's anywhere else in the system where
> we allow a privilege to non-super-users but deny that same privilege
> to super-users, and I don't think we should be starting now.
You might want to reflect on rolcatupdate a bit before asserting that
there are no cases where privileges are ever denied to superusers.
However, that precedent would suggest that the default should be to
grant the replication bit to superusers.
regards, tom lane
In response to
Responses
pgsql-hackers by date
Next :From: Robert HaasDate: 2011-01-03 16:21:15Subject : Re: Re: new patch of MERGE (merge_204) & a question about
duplicated ctidPrevious :From : Magnus HaganderDate : 2011-01-03 16:19:25Subject : Re: Scanning pg_tablespace from walsender
