Quick Links

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)

From:	Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	Stephen Frost <sfrost(at)snowman(dot)net>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "chap(at)anastigmatix(dot)net" <chap(at)anastigmatix(dot)net>, torikoshia <torikoshia(at)oss(dot)nttdata(dot)com>
Subject:	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date:	2021-07-26 20:46:13
Message-ID:	202107262046.xz4urxb77nzs@alvherre.pgsql
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 2021-Jul-26, Tom Lane wrote:

> What if we allow event triggers owned by non-superusers, but only fire
> them on commands performed by the trigger's owner? This sidesteps all
> the issues of who has which privileges and whether Alice is malicious
> towards Bob or vice versa, because there is no change of privilege
> domain. Admittedly, it fails to cover some use-cases, but I think it
> would still handle a lot of interesting cases. The impression I have
> is that a lot of applications do everything under just one or a few
> roles.

This is similar but not quite an idea I had: have event triggers owned
by non-superusers run for all non-superusers, but not for superusers.
It is still the case that all non-superusers have to trust everyone with
the event-trigger-create permission, but that's probably the database
owner so most of the time you have to trust them already.

--
Álvaro Herrera Valdivia, Chile — https://www.EnterpriseDB.com/
"Saca el libro que tu religión considere como el indicado para encontrar la
oración que traiga paz a tu alma. Luego rebootea el computador
y ve si funciona" (Carlos Duclós)

In response to

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) at 2021-07-26 20:24:46 from Tom Lane

Responses

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) at 2021-07-26 20:54:33 from Stephen Frost

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Stephen Frost	2021-07-26 20:54:33	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Previous Message	Alvaro Herrera	2021-07-26 20:39:23	Re: Removing "long int"-related limit on hash table sizes