Re: allow specifying direct role membership in pg_hba.conf

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: "Bossart, Nathan" <bossartn(at)amazon(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: allow specifying direct role membership in pg_hba.conf
Date: 2021-05-14 15:23:20
Message-ID: 1885152.1621005800@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> On 5/13/21 7:38 PM, Bossart, Nathan wrote:
>> I've attached a small patch that allows specifying only direct members
>> of a group in pg_hba.conf.

> Do we really want to be creating two classes of role membership?

Yeah, this seems to be going against the clear meaning of the
SQL spec. I realize you can argue that pg_hba.conf doesn't have
to follow the spec, but it doesn't seem like a terribly good idea
to interpret role membership differently in different places.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2021-05-14 15:26:18 Re: alter subscription drop publication fixes
Previous Message Bharath Rupireddy 2021-05-14 14:41:05 Re: alter subscription drop publication fixes