| From: | Georgios Kokolatos <gkokolatos(at)protonmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: New default role- 'pg_read_all_data' |
| Date: | 2020-08-28 12:16:36 |
| Message-ID: | 159861699631.18329.14711450552365728705.pgcf@coridan.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Thank you for the patch.
My high level review comment:
The patch seems to be implementing a useful and requested feature.
The patch applies cleanly and passes the basic regress tests. Also the commitfest bot is happy.
A first pass at the code, has not revealed any worthwhile comments.
Please allow me for a second and more thorough pass. The commitfest has hardly started after all.
Also allow me a series of genuine questions:
What would the behaviour be with REVOKE?
In a sequence similar to:
GRANT ALL ON ...
REVOKE pg_read_all_data FROM ...
What privileges would the user be left with? Would it be possible to end up in the same privilege only with a GRANT command?
Does the above scenario even make sense?
Regards,
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2020-08-28 12:20:01 | Re: SyncRepLock acquired exclusively in default configuration |
| Previous Message | Asim Praveen | 2020-08-28 11:06:09 | Re: SyncRepLock acquired exclusively in default configuration |