Re: Recognizing superuser in pg_hba.conf

On 02/01/2020 20:52, Stephen Frost wrote:
> Greetings,
>
> * Vik Fearing (vik(dot)fearing(at)2ndquadrant(dot)com) wrote:
>> On 29/12/2019 23:10, Vik Fearing wrote:
>>> On 29/12/2019 17:31, Tom Lane wrote:
>>>> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>>>>> On Sat, Dec 28, 2019 at 2:02 PM Vik Fearing <vik(dot)fearing(at)2ndquadrant(dot)com> wrote:
>>>>>> I'm all for this (and even suggested it during the IRC conversation that
>>>>>> prompted this patch). It's rife with bikeshedding, though. My original
>>>>>> proposal was to use '&' and Andrew Gierth would have used ':'.
>>>>> I think this is a good proposal regardless of which character we
>>>>> decide to use. My order of preference from highest-to-lowest would
>>>>> probably be :*&, but maybe that's just because I'm reading this on
>>>>> Sunday rather than on Tuesday.
>>>> I don't have any particular objection to '&' if people prefer that.
>>> I wrote the patch so I got to decide. :-)  I will also volunteer to do
>>> the grunt work of changing the symbol if consensus wants that, though.
>>>
>>> It turns out that my original patch didn't really change, all the meat
>>> is in the keywords patch.  The superuser patch is to be applied on top
>>> of the keywords patch.
>> I missed a few places in the tap tests.  New keywords patch attached,
>> superuser patch unchanged.
> We already have a reserved namespace when it comes to roles,
> specifically "pg_".. why invent something new like this '&' prefix when
> we could just declare that 'pg_superusers' is a role to which all
> superusers are members? Or something along those lines?

This is an argument against the superusers patch, but surely you are not
suggesting we add a pg_all role that contains all users?  And what about
the keywords that aren't for users?

--

Vik Fearing