| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "chap(at)anastigmatix(dot)net" <chap(at)anastigmatix(dot)net>, torikoshia <torikoshia(at)oss(dot)nttdata(dot)com> |
| Subject: | Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) |
| Date: | 2021-07-27 15:36:54 |
| Message-ID: | 304963.1627400214@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> Dang it, yes. The tenant needs to be members of all the other users,
> not the other way around. I spent a long time trying to not get that
> backwards and still did.
The "membership" terminology is inherently confusing I fear.
Maybe better to say that all the roles-to-be-audited must
be GRANTed to the "tenant" role?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dagfinn Ilmari Mannsåker | 2021-07-27 15:52:38 | Re: Reduce the number of special cases to build contrib modules on windows |
| Previous Message | Andrew Dunstan | 2021-07-27 15:29:58 | Re: Reduce the number of special cases to build contrib modules on windows |