From:
Robert Haas <robertmhaas(at)gmail(dot)com>
To:
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:
Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Florian Pflug <fgp(at)phlo(dot)org>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:
Re: Streaming replication as a separate permissions
Date:
2011-01-03 16:23:29
Message-ID:
AANLkTimCGPX=QNQFasx++h3Lpw1UOb6NVMDfHxDo40i4@mail.gmail.com (view raw or flat )
Thread:
2010-12-23 09:53:10 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 15:15:21 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 15:49:45 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 15:54:41 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 15:57:23 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 19:59:02 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 20:34:33 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 20:35:15 from Stefan Kaltenbrunner <stefan(at)kaltenbrunner(dot)cc>
2010-12-24 02:37:30 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-24 03:16:18 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-24 03:36:51 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-24 04:00:14 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-24 04:31:38 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-24 04:46:30 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-27 09:53:22 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 11:15:11 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 11:42:19 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-27 15:33:53 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 15:40:10 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 21:04:22 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 21:42:09 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 21:53:35 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-28 12:05:36 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 10:09:06 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 14:05:02 from Gurjeet Singh <singh(dot)gurjeet(at)gmail(dot)com>
2010-12-29 14:40:34 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-29 19:12:21 from Alvaro Herrera <alvherre(at)commandprompt(dot)com>
2010-12-30 11:57:09 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-30 13:59:41 from Alvaro Herrera <alvherre(at)commandprompt(dot)com>
2010-12-30 15:53:24 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-30 14:54:31 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-31 14:38:29 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-03 11:00:24 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-03 15:59:54 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-03 16:20:38 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2011-01-03 16:23:29 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-03 22:50:35 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-05 03:24:20 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-05 13:24:45 from Magnus Hagander <magnus(at)hagander(dot)net>
2011-01-05 14:05:33 from Robert Haas <robertmhaas(at)gmail(dot)com>
2011-01-06 04:59:00 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2011-01-06 04:55:11 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-24 11:34:52 from Florian Pflug <fgp(at)phlo(dot)org>
2010-12-23 22:11:08 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:21:53 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 22:24:33 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:29:13 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-30 14:54:28 from Peter Eisentraut <peter_e(at)gmx(dot)net>
2010-12-30 15:08:09 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-23 22:33:42 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:38:11 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 22:44:02 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-23 22:49:14 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:57:25 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 22:45:19 from Stephen Frost <sfrost(at)snowman(dot)net>
2010-12-23 22:59:28 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-24 00:08:38 from Robert Haas <robertmhaas(at)gmail(dot)com>
2010-12-24 00:11:31 from Josh Berkus <josh(at)agliodbs(dot)com>
2010-12-23 19:57:08 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-23 20:31:01 from Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
2010-12-27 08:32:21 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 09:36:28 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 09:52:57 from Dave Page <dpage(at)pgadmin(dot)org>
2010-12-27 10:34:55 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 11:00:30 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 13:25:29 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 13:41:27 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 13:51:50 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 13:54:07 from Magnus Hagander <magnus(at)hagander(dot)net>
2010-12-27 15:45:39 from Simon Riggs <simon(at)2ndQuadrant(dot)com>
2010-12-27 15:55:11 from Magnus Hagander <magnus(at)hagander(dot)net>
Lists:
pgsql-hackers
On Mon, Jan 3, 2011 at 11:20 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On the other hand, the REPLICATION privilege is denying you the right to
>> perform an operation *even though you already are authenticated as a
>> superuser*. I don't think there's anywhere else in the system where
>> we allow a privilege to non-super-users but deny that same privilege
>> to super-users, and I don't think we should be starting now.
>
> You might want to reflect on rolcatupdate a bit before asserting that
> there are no cases where privileges are ever denied to superusers.
Oh, huh. I wasn't aware of that.
> However, that precedent would suggest that the default should be to
> grant the replication bit to superusers.
Yes it would.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
In response to
Responses
pgsql-hackers by date
Next :From: Simon RiggsDate: 2011-01-03 16:29:19Subject : Re: Re: new patch of MERGE (merge_204) & a question
about duplicated ctidPrevious :From : Robert HaasDate : 2011-01-03 16:21:15Subject : Re: Re: new patch of MERGE (merge_204) & a question about
duplicated ctid
