| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Nathan Bossart <nathandbossart(at)gmail(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: use has_privs_of_role() for pg_hba.conf |
| Date: | 2022-10-08 15:14:06 |
| Message-ID: | 3574712.1665242046@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Joe Conway <mail(at)joeconway(dot)com> writes:
> Thanks -- looks good to me. If there are no other comments or concerns,
> I will commit/push by the end of the weekend.
Robert seems to think that this patch might be completely misguided,
so I'm not sure we have real consensus. I think he may have a point.
An angle that he didn't bring up is that we've had proposals, and
even I think a patch, for inventing database-local privileges.
If that were to become a thing, it would interact very badly with
this idea, because it would often not be clear which set of privileges
to consider. As long as HBA checks consider membership, and we don't
invent database-local role membership, there's no problem.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2022-10-08 15:46:50 | Re: use has_privs_of_role() for pg_hba.conf |
| Previous Message | Joe Conway | 2022-10-08 14:38:00 | Re: use has_privs_of_role() for pg_hba.conf |