From: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Sawada Masahiko <sawada(dot)mshk(at)gmail(dot)com>, David Johnston <david(dot)g(dot)johnston(at)gmail(dot)com>, David Fetter <david(at)fetter(dot)org>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Proposal: knowing detail of config files via SQL |
Date: | 2015-03-04 00:29:41 |
Message-ID: | 54F651F5.2070100@BlueTreble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 3/3/15 5:22 PM, Stephen Frost wrote:
> The
> problem with the role attribute approach is that they aren't inheirted
> the way GRANTs are, which means you can't have a "backup" role that is
> then granted out to users, you'd have to set a "BACKUP" role attribute
> for every role added.
Yeah, but you'd still have to grant "backup" to every role created
anyway, right?
Or you could create a role that has the backup attribute and then grant
that to users. Then they'd have to intentionally SET ROLE my_backup_role
to elevate their privilege. That seems like a safer way to do things...
--
Jim Nasby, Data Architect, Blue Treble Consulting
Data in Trouble? Get it in Treble! http://BlueTreble.com
From | Date | Subject | |
---|---|---|---|
Next Message | Haribabu Kommi | 2015-03-04 00:34:06 | Re: Providing catalog view to pg_hba.conf file - Patch submission |
Previous Message | Jim Nasby | 2015-03-04 00:17:23 | Re: Providing catalog view to pg_hba.conf file - Patch submission |