Skip site navigation (1) Skip section navigation (2)

Re: superusers are members of all roles?

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: superusers are members of all roles?
Date: 2011-09-12 03:27:40
Message-ID: CA+TgmobBa+C3cDx1hJ-YbD+jpYb8WEjvg=yE=s7rz3cYOrhy5w@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Sun, Sep 11, 2011 at 10:32 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Andrew Dunstan (andrew(at)dunslane(dot)net) wrote:
>> >     Address problem where superusers are assumed to be members of all groups
>> >
>> >         http://archives.postgresql.org/pgsql-hackers/2011-04/msg00337.php
>>
>> This turns out to be a one-liner.
>
> I really don't know that I agree with removing this, to be honest..  I
> haven't got time at the moment to really discuss it, but at the very
> least, not being able to 'set role' to any user when postgres would be
> REALLY annoying..

Sure.  But I don't believe anyone has proposed changing that.  What
we're talking about here is that, for example, setting a reject rule
for a certain group in pg_hba.conf will always match superusers, even
though they're not in that group.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

pgsql-hackers by date

Next:From: Andrew DunstanDate: 2011-09-12 03:29:59
Subject: Re: superusers are members of all roles?
Previous:From: Amit KapilaDate: 2011-09-12 03:08:25
Subject: Re: cheaper snapshots redux

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group