| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Superowners |
| Date: | 2017-01-24 13:19:43 |
| Message-ID: | 12791.1485263983@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Simon Riggs <simon(at)2ndquadrant(dot)com> writes:
> So I was thinking about various annoying admin/security issues
> recently, so I came up with this: a new type of user called a
> “superowner”. It’s somewhere between a superuser and a normal user.
> Superowner would own all objects defined by users, so it would do
> useful things in contexts where superuser is not available.
What about just saying that the database owner has those privileges?
After all, the ultimate privilege of an owner is to drop the object
(and then remake it as she pleases), and the DB owner has that option
w.r.t. the whole database. So I'm not sure we need to invent a new
concept.
With or without it being a separate property, there's a point I think
you missed: this should only extend to objects owned by normal users,
not by superusers. Otherwise there are all sorts of security issues.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2017-01-24 13:22:14 | Re: Checksums by default? |
| Previous Message | Tom Lane | 2017-01-24 13:12:07 | Re: Failure in commit_ts tap tests |