| From: | Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Recognizing superuser in pg_hba.conf |
| Date: | 2019-12-28 17:19:58 |
| Message-ID: | 4ba3ad54-bb32-98c6-033a-ccca7058fc2f@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
It can sometimes be useful to match against a superuser in pg_hba.conf.
For example, one could imagine wanting to reject nonsuperuser from a
particular database.
This used to be possible by creating an empty role and matching against
that, but that functionality was removed (a long time ago) by commit
94cd0f1ad8a.
Adding another keyword can break backwards compatibility, of course. So
that is an issue that needs to be discussed, but I don't imagine too
many people are using role names "superuser" and "nonsuperuser". Those
who are will have to quote them.
--
Vik Fearing +33 6 46 75 15 36
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
| Attachment | Content-Type | Size |
|---|---|---|
| hba_superuser.0001.patch | text/x-patch | 1.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-12-28 17:56:47 | Re: PostgreSQL 12.1 patch for "private_modify" table creation option for data validation reinforcement |
| Previous Message | Peter Eisentraut | 2019-12-28 17:05:28 | Re: ALTER TABLE support for dropping generation expression |