| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | torikoshia <torikoshia(at)oss(dot)nttdata(dot)com> |
| Cc: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, robertmhaas(at)gmail(dot)com, pgsql-hackers(at)postgresql(dot)org, tgl(at)sss(dot)pgh(dot)pa(dot)us, chap(at)anastigmatix(dot)net |
| Subject: | Re: Delegating superuser tasks to new security roles |
| Date: | 2021-06-15 15:39:07 |
| Message-ID: | 20210615153907.GA20766@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* torikoshia (torikoshia(at)oss(dot)nttdata(dot)com) wrote:
> On 2021-06-14 23:53, Mark Dilger wrote:
> >>On Jun 14, 2021, at 5:51 AM, torikoshia <torikoshia(at)oss(dot)nttdata(dot)com>
> >>wrote:
> >>BTW, do these patches enable non-superusers to create user with
> >>bypassrls?
[...]
> >Do you believe that functionality should be added? I have not thought
> >much about that issue.
>
> I just noticed that because I was looking into operations that can only be
> done by superusers.
In general, I agree with the sentiment that we should be providing a way
to have non-superusers able to do things that only a superuser can do
today. I'd love to get rid of all of the explicit superuser checks in
the backend except the one that makes a superuser a member of all roles.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Guo | 2021-06-15 15:39:59 | Should wal receiver reply to wal sender more aggressively? |
| Previous Message | Stephen Frost | 2021-06-15 15:33:10 | Re: Duplicate history file? |