| From: | Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrey Borodin <x4mmm(at)yandex-team(dot)ru> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allowing to create LEAKPROOF functions to non-superuser |
| Date: | 2021-04-12 20:42:03 |
| Message-ID: | c5957702-10ab-cc93-dbcb-1117c711bee1@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 4/12/21 10:37 PM, Tom Lane wrote:
> Andrey Borodin <x4mmm(at)yandex-team(dot)ru> writes:
>> Currently only superuser is allowed to create LEAKPROOF functions
>> because leakproof functions can see tuples which have not yet been
>> filtered out by security barrier views or row level security
>> policies.
>
> Yeah.
>
>> But managed cloud services typically do not provide superuser
>> roles.
>
> This is not a good argument for relaxing superuser requirements.
>
I guess for the cloud services it's not an issue - they're mostly
concerned about manageability and restricting access to the OS. It's
unfortunate that we tie the this capability to being superuser, so maybe
the right solution would be to introduce a separate role with this
privilege?
regards
--
Tomas Vondra
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrey Borodin | 2021-04-12 20:51:02 | Re: Allowing to create LEAKPROOF functions to non-superuser |
| Previous Message | Andres Freund | 2021-04-12 20:40:46 | Re: PANIC: wrong buffer passed to visibilitymap_clear |