From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Kaiting Chen <kaitocracy(at)gmail(dot)com>, pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #5763: pg_hba.conf not honored |
Date: | 2010-11-28 16:46:51 |
Message-ID: | 22066.1290962811@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Tue, Nov 23, 2010 at 10:29 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I believe the definition of "in role" we use here is "has the privileges
>> of role". Since kaiting.chen is a superuser, all privilege tests will
>> succeed for him, including that one. IOW, a superuser is automatically
>> a member of every role. This isn't a bug.
> I guess it's not a bug if we did it that way on purpose, but it seems
> like testing for actual group membership would be less surprising.
Then you'd have superusers acting like they were group members for some
purposes and not others. Not sure how that would be less surprising.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Shafqat Ali | 2010-11-29 01:45:06 | Re: BUG #5771: C:\Program Files\PostgreSQL\8.3\Data is not accessible. |
Previous Message | Tom Lane | 2010-11-28 16:25:49 | Re: BUG #5773: DEBUG: reaping dead processes DEBUG: server process (PID 10007) was terminated by signal 11: Segme |