Skip site navigation (1) Skip section navigation (2)

Re: BUG #6264: Superuser does not have inherent Replication permission

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Keith Fiske" <keith(at)omniti(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #6264: Superuser does not have inherent Replication permission
Date: 2011-10-22 15:49:34
Message-ID: 9214.1319298574@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
"Keith Fiske" <keith(at)omniti(dot)com> writes:
> The documentation says replication is inherent to a superuser.

What it actually says is that superusers get the replication privilege
by default --- but you can create a superuser without that.  If you
see a place that says something different, please point it out
specifically so we can improve it.

> After testing
> several times, I can assure you it is not.

Please show your test case.  It looks to me like it works as expected:

regression=# create user foo superuser;
CREATE ROLE
regression=# create user foo2 superuser noreplication;
CREATE ROLE
regression=# select rolname,rolsuper,rolreplication from pg_authid ;
 rolname  | rolsuper | rolreplication 
----------+----------+----------------
 postgres | t        | t
 foo      | t        | t
 foo2     | t        | f
(3 rows)


> If you create a user as a NONsuperuser,
> then later ALTER them to be one, they will NOT have the replication
> permission and cannot be used as a replication user until you explicitly
> grant that permission.

That doesn't sound to me like a bug.  These flags are independent, we
just provide a certain default at role creation time.

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2011-10-22 16:13:45
Subject: Re: 'pg_ctl restart' confused about pathname to postgresql.conf
Previous:From: Keith FiskeDate: 2011-10-21 21:54:56
Subject: BUG #6264: Superuser does not have inherent Replication permission

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group