Re: Recognizing superuser in pg_hba.conf

Greetings,

On Thu, Jan 2, 2020 at 15:04 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > We already have a reserved namespace when it comes to roles,
> > specifically "pg_".. why invent something new like this '&' prefix when
> > we could just declare that 'pg_superusers' is a role to which all
> > superusers are members? Or something along those lines?
>
> Meh. If the things aren't actually roles, I think this'd just
> add confusion. Or were you proposing to implement them as roles?
> I'm not sure if that would be practical in every case.

Having them as roles might be interesting though I don’t think it would be
required. As for your argument, surely we aren’t going to make
“&superusers” an actual role with this, so you have to accept that’s what
there isn’t a real role either way. I don’t really care for this idea of
making up new syntax that people have to learn, understand, train others
on, etc.

The pg_ prefix makes it clear that it’s a system role... literally by
definition.

As for Vik’s thought about “pg_all”- I hadn’t been thinking we would do
that (“all” is already accepted there anyway and trying to deprecate that
seems unlikely to result in ever actually removing it because that’s the
kind of thing we will argue about and never do..), but it seems like an
interesting idea. Using “public” is maybe another interesting thought there
since that’s the same thing and also reserved...

Thanks,

Stephen

>