From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
---|---|
To: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Noah Misch <noah(at)leadboat(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "chap(at)anastigmatix(dot)net" <chap(at)anastigmatix(dot)net> |
Subject: | Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) |
Date: | 2021-10-29 23:46:52 |
Message-ID: | f8c590648d5a47f512967c4d62d138cb8913ba11.camel@j-davis.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, 2021-10-28 at 11:02 -0700, Mark Dilger wrote:
> It feels to me that the traditional concept of users and groups could
> map, one-to-one, onto users and roles, but we've mapped both users
> and groups, many-to-one, onto roles, leaving no distinct concept of
> groups, and now we're proposing adding a concept called "tenant" that
> means something like "group". I find that simultaneously helpful and
> pretty confusing.
That's a good point. There are a lot of concepts involved; adding one
more could certainly cause confusion.
But I don't think the concept of role ownership has zero potential
confusion, either. For instance, I could certainly imagine a user A
creating a role B (and therefore owning it), and then doing "GRANT A TO
B". Is there a reason to do that, or is the user confused about what
membership versus ownership mean?
> Noah's concern, as I understood it, was not about roles owning roles,
> but about role membership being what controls if an event trigger
> fires. If anything, that concern stems from the lack of role
> ownership, not the existence of it, because I wrote the event trigger
> patch set to not depend on the role ownership patch set.
Your patch[0] causes role membership to control whether and event
trigger fires. If it was solely based on role *ownership* and had
nothing to do with role *membership*, that does seem better to me.
[0]
https://postgr.es/m/914FF898-5AC4-4E02-8A05-3876087007FB@enterprisedb.com
Regards,
Jeff Davis
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2021-10-30 00:06:58 | Re: Improving psql's \password command |
Previous Message | Tomas Vondra | 2021-10-29 23:44:08 | Re: Feature request for adoptive indexes |