From: | Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
Subject: | Re: Recognizing superuser in pg_hba.conf |
Date: | 2020-01-02 20:04:27 |
Message-ID: | e698ee5e-cd0e-0ee5-9c90-99a7e3b1cda4@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 02/01/2020 20:52, Stephen Frost wrote:
> Greetings,
>
> * Vik Fearing (vik(dot)fearing(at)2ndquadrant(dot)com) wrote:
>> On 29/12/2019 23:10, Vik Fearing wrote:
>>> On 29/12/2019 17:31, Tom Lane wrote:
>>>> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>>>>> On Sat, Dec 28, 2019 at 2:02 PM Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com> wrote:
>>>>>> I'm all for this (and even suggested it during the IRC conversation that
>>>>>> prompted this patch). It's rife with bikeshedding, though. My original
>>>>>> proposal was to use '&' and Andrew Gierth would have used ':'.
>>>>> I think this is a good proposal regardless of which character we
>>>>> decide to use. My order of preference from highest-to-lowest would
>>>>> probably be :*&, but maybe that's just because I'm reading this on
>>>>> Sunday rather than on Tuesday.
>>>> I don't have any particular objection to '&' if people prefer that.
>>> I wrote the patch so I got to decide. :-) I will also volunteer to do
>>> the grunt work of changing the symbol if consensus wants that, though.
>>>
>>> It turns out that my original patch didn't really change, all the meat
>>> is in the keywords patch. The superuser patch is to be applied on top
>>> of the keywords patch.
>> I missed a few places in the tap tests. New keywords patch attached,
>> superuser patch unchanged.
> We already have a reserved namespace when it comes to roles,
> specifically "pg_".. why invent something new like this '&' prefix when
> we could just declare that 'pg_superusers' is a role to which all
> superusers are members? Or something along those lines?
This is an argument against the superusers patch, but surely you are not
suggesting we add a pg_all role that contains all users? And what about
the keywords that aren't for users?
--
Vik Fearing
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2020-01-02 20:04:41 | Re: Recognizing superuser in pg_hba.conf |
Previous Message | Tom Lane | 2020-01-02 20:02:29 | pgsql: Add basic TAP tests for psql's tab-completion logic. |