| From: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Recognizing superuser in pg_hba.conf |
| Date: | 2020-01-02 20:13:00 |
| Message-ID: | 87zhf5k4bc.fsf@news-spur.riddles.org.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>>>>> "Tom" == Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> We already have a reserved namespace when it comes to roles,
>> specifically "pg_".. why invent something new like this '&' prefix
>> when we could just declare that 'pg_superusers' is a role to which
>> all superusers are members? Or something along those lines?
Tom> Meh. If the things aren't actually roles, I think this'd just add
Tom> confusion. Or were you proposing to implement them as roles? I'm
Tom> not sure if that would be practical in every case.
In fact my original suggestion when this idea was discussed on IRC was
to remove the current superuser flag and turn it into a role; but the
issue then is that role membership is inherited and superuserness
currently isn't, so that's a more intrusive change.
--
Andrew (irc:RhodiumToad)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2020-01-02 20:17:26 | Re: Recognizing superuser in pg_hba.conf |
| Previous Message | Tom Lane | 2020-01-02 20:04:41 | Re: Recognizing superuser in pg_hba.conf |