| From: | Alexandra Ryzhevich <aryzhevich(at)google(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Vladimir Rusinov <vrusinov(at)google(dot)com>, Dmitriy Potapov <atomsk(at)google(dot)com> |
| Subject: | Creating extensions for non-superusers |
| Date: | 2018-08-10 15:03:25 |
| Message-ID: | CAOt4E5R6zOHKJfojph_hWEhpY6gxy-Fmn9EqhQyA+gcNT3WzJQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello!
In an environment where we control the host system and all installed
extensions, we need to allow postgresql non-superuser to install all of
them, without opening gaps that will let this user gain superuser
privileges. We have a sample solution to add a new default role
pg_create_extension which does not need superuser privilege to create any
extensions.
However we are not sure if it's the best approach. Are there any other
ideas, proposals or feedback?
Is this something you would consider adding to the next major release?
Best regards,
Alexandra Ryzhevich
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Add-default-create-extension-role.patch | text/x-patch | 7.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2018-08-10 15:11:13 | Re: Creating extensions for non-superusers |
| Previous Message | Marina Polyakova | 2018-08-10 14:59:29 | Re: [HACKERS] WIP Patch: Pgbench Serialization and deadlock errors |