Re: Granting control of SUSET gucs to non-superusers

From: Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>
To: Jacob Champion <pchampion(at)vmware(dot)com>
Cc: "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "robertmhaas(at)gmail(dot)com" <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "chap(at)anastigmatix(dot)net" <chap(at)anastigmatix(dot)net>
Subject: Re: Granting control of SUSET gucs to non-superusers
Date: 2021-05-13 19:30:43
Message-ID: 941B8A0F-CF69-471A-A88C-7CFD2705EEEC@enterprisedb.com
Lists: pgsql-hackers

> On May 13, 2021, at 12:18 PM, Jacob Champion <pchampion(at)vmware(dot)com> wrote:
>
> On Thu, 2021-05-13 at 11:42 -0700, Mark Dilger wrote:
>> The distinction that Theme+Security would make is that capabilities
>> can be categorized by the area of the system:
>> -- planner
>> -- replication
>> -- logging
>> ...
>> but also by the security implications of what is being done:
>> -- host
>> -- schema
>> -- network
> Since the "security" buckets are being used for both proposals -- how
> would you deal with overlap between them? When a GUC gives you enough
> host access to bleed into the schema and network domains, does it get
> all three attributes assigned to it, and thus require membership in all
> three roles?

Yeah, from a security standpoint, pg_host_admin basically gives everything away. I doubt service providers would give the "host" or "network" security to their tenants, but they would probably consider giving "schema" security to the tenants.

> (Thanks, by the way, for this thread -- I think a "capability system"
> for superuser access is a great idea.)

I am happy to work on this, and appreciate feedback....


Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
