| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Florian Pflug <fgp(at)phlo(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Streaming replication as a separate permissions |
| Date: | 2011-01-03 16:20:38 |
| Message-ID: | 20326.1294071638@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On the other hand, the REPLICATION privilege is denying you the right to
> perform an operation *even though you already are authenticated as a
> superuser*. I don't think there's anywhere else in the system where
> we allow a privilege to non-super-users but deny that same privilege
> to super-users, and I don't think we should be starting now.
You might want to reflect on rolcatupdate a bit before asserting that
there are no cases where privileges are ever denied to superusers.
However, that precedent would suggest that the default should be to
grant the replication bit to superusers.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2011-01-03 16:21:15 | Re: Re: new patch of MERGE (merge_204) & a question about duplicated ctid |
| Previous Message | Magnus Hagander | 2011-01-03 16:19:25 | Re: Scanning pg_tablespace from walsender |