| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | richard coleman <rcoleman(dot)ascentgl(at)gmail(dot)com>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: database specific pg_read_all_data / pg_write_all_data |
| Date: | 2025-12-10 18:13:11 |
| Message-ID: | 39975699-715e-4587-91e2-f976e2fca6af@joeconway.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On 12/10/25 12:33, Tom Lane wrote:
> "David G. Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> writes:
>> Fundamentally making group-role memberships per-database is a fundamental
>> change that seems quite unappealing to attempt without a solid use case
>> that it will enable.
>
> Yeah, I think this would be bad from both the intellectual-complexity
> and implementation-difficulty standpoints.
>
> However ... we've had multiple requests in the past to invent
> database-specific roles. I wonder if it'd suffice for Richard's
> purposes to create such roles and grant them pg_read_all_data.
There is a significant real world demand for doing multi-tenant
PostgreSQL by having one tenant per database. It is not ideal by any
means, but a substantial number of folks use that strategy whether we
like it or not.
Anything we can do to make it less sketchy and painful would be useful
indeed.
--
Joe Conway
PostgreSQL Contributors Team
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gunnar | 2025-12-12 16:41:24 | Re: pgping? |
| Previous Message | richard coleman | 2025-12-10 18:00:35 | Re: database specific pg_read_all_data / pg_write_all_data |