| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Additional role attributes && superuser review |
| Date: | 2015-04-30 00:20:04 |
| Message-ID: | 20150430002004.GL4369@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas wrote:
> I think that if you commit this the way you have it today, everybody
> will go, oh, look, Stephen committed something, but it looks
> complicated, I won't pay attention.
Yeah, that sucks.
> Finally, you've got the idea of making pg_ a reserved prefix for
> roles, adding some predefined roles, and giving them some predefined
> privileges. That should be yet another patch.
On this part I have a bit of a problem -- the prefix is not really
reserved, is it. I mean, evidently it's still possible to create roles
with the pg_ prefix ... otherwise, how come the new lines to
system_views.sql that create the "predefined" roles work in the first
place? I think if we're going to reserve role names, we should reserve
them for real: CREATE ROLE should flat out reject creation of such
roles, and the default ones should be created during bootstrap.
IMO anyway.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gavin Flower | 2015-04-30 00:33:57 | Re: Additional role attributes && superuser review |
| Previous Message | Tom Lane | 2015-04-30 00:11:48 | Re: Incompatible trig error handling |