Skip site navigation (1) Skip section navigation (2)

Re: Streaming replication as a separate permissions

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Florian Pflug <fgp(at)phlo(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Streaming replication as a separate permissions
Date: 2011-01-03 11:00:24
Message-ID: AANLkTikE6AzSntA-DNoVb59Wrh4Ny_pCLKsFeWma77=v@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Fri, Dec 31, 2010 at 15:38, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Thu, Dec 30, 2010 at 15:54, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>> On ons, 2010-12-29 at 11:09 +0100, Magnus Hagander wrote:
>>> I've applied this version (with some minor typo-fixes).
>>
>> This page is now somewhat invalidated:
>>
>> http://developer.postgresql.org/pgdocs/postgres/role-attributes.html
>
> Hmm. Somehow I missed that page completely when looking through the
> docs. I'll go update that.

BTW, shouldn't CONNECTION LIMIT be listed on that page? and INHERIT?
And VALID UNTIL? They're all role attributes, no? At least the last
two certainly interact with the authentication system...


>> First, it doesn't mention the replication privilege, and second it
>> continues to claim that superuser status bypasses all permission checks.
>
> Well, that was *already* wrong.
>
> superuser doesn't bypass NOLOGIN.
>
> That doesn't mean it shouldn't be fixed, but that's independent of the
> replication role.

I've committed a fix for this.

-- 
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/

In response to

Responses

pgsql-hackers by date

Next:From: Simon RiggsDate: 2011-01-03 11:10:40
Subject: Re: Sync Rep Design
Previous:From: Greg SmithDate: 2011-01-03 10:35:40
Subject: Re: Recovery conflict monitoring

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group