Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-committers(at)postgresql(dot)org
Subject: Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo
Date: 2011-11-03 20:04:03
Message-ID: 4EB2F3B3.6020509@dunslane.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

On 11/03/2011 03:16 PM, Tom Lane wrote:
> Andrew Dunstan<andrew(at)dunslane(dot)net> writes:
>> Do not treat a superuser as a member of every role for HBA purposes.
>> This makes it possible to use reject lines with group roles.
> As committed, this patch also changes the behavior of "samerole", but
> the doc update fails to reflect that.
>
>

I'm happy to update the docs if you think it's necessary. I think this
is desired behaviour, for the same reason as for named roles, namely
that you can add superusers to the list if necessary. I can't think of a
sane case where this would make a difference, but I'm happy to be
pedantic if you like.

cheers

andrew

In response to

Browse pgsql-committers by date

  From Date Subject
Next Message Andrew Dunstan 2011-11-03 20:34:52 pgsql: Role membership of superusers is only by explicit membership for
Previous Message Tom Lane 2011-11-03 19:16:53 Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo