Re: BUG #6264: Superuser does not have inherent Replication permission

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Keith Fiske" <keith(at)omniti(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #6264: Superuser does not have inherent Replication permission
Date: 2011-10-22 15:49:34
Message-ID: 9214.1319298574@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

"Keith Fiske" <keith(at)omniti(dot)com> writes:
> The documentation says replication is inherent to a superuser.

What it actually says is that superusers get the replication privilege
by default --- but you can create a superuser without that. If you
see a place that says something different, please point it out
specifically so we can improve it.

> After testing
> several times, I can assure you it is not.

Please show your test case. It looks to me like it works as expected:

regression=# create user foo superuser;
CREATE ROLE
regression=# create user foo2 superuser noreplication;
CREATE ROLE
regression=# select rolname,rolsuper,rolreplication from pg_authid ;
rolname | rolsuper | rolreplication
----------+----------+----------------
postgres | t | t
foo | t | t
foo2 | t | f
(3 rows)

> If you create a user as a NONsuperuser,
> then later ALTER them to be one, they will NOT have the replication
> permission and cannot be used as a replication user until you explicitly
> grant that permission.

That doesn't sound to me like a bug. These flags are independent, we
just provide a certain default at role creation time.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2011-10-22 16:13:45 Re: 'pg_ctl restart' confused about pathname to postgresql.conf
Previous Message Keith Fiske 2011-10-21 21:54:56 BUG #6264: Superuser does not have inherent Replication permission