| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Keith Fiske <keith(at)omniti(dot)com>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: Re: BUG #6264: Superuser does not have inherent Replication permission |
| Date: | 2011-10-27 22:15:21 |
| Message-ID: | 7162.1319753721@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Noah Misch <noah(at)leadboat(dot)com> writes:
> Let's look at the behavior of DDL-exposed access constraints for precedent. We
> currently have three paradigms for applying access control to superusers:
> 1. Settings that affect superusers and regular users identically. These include
> ALTER ROLE ... LOGIN | VALID UNTIL.
> 2. Rights that superusers possess implicitly and irrevocably; the actual setting
> recorded in pg_authid or elsewhere has no effect. These include GRANT ... ON
> TABLE and ALTER ROLE ... CREATEDB | CREATEROLE.
> 3. ALTER ROLE ... REPLICATION is very similar to #1, except that CREATE ROLE
> ... SUPERUSER implies CREATE ROLE ... SUPERUSER REPLICATION.
> I think we should merge #3 into #2; nothing about the REPLICATION setting
> justifies a distinct paradigm.
Yeah, there's much to be said for that. I thought the notion of a
privilege that superusers might not have was pretty bogus to start with.
rolcatupdate isn't a very good precedent to rely on because it's never
been documented or used to any noticeable extent, so there's no reason
to think that it provides a tested-and-accepted behavior.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | goudvis | 2011-10-27 23:02:47 | Re: BUG #6269: Anomaly detection |
| Previous Message | Noah Misch | 2011-10-27 21:01:32 | Re: BUG #6264: Superuser does not have inherent Replication permission |