| From: | Bryn Llewellyn <bryn(at)yugabyte(dot)com> |
|---|---|
| To: | Christophe Pettus <xof(at)thebuild(dot)com> |
| Cc: | Tom Lane PostgreSQL <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? |
| Date: | 2022-09-13 18:39:35 |
| Message-ID: | 1AD29374-E9DD-4640-AE0C-882A20A909D9@yugabyte.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> xof(at)thebuild(dot)com wrote:
>
>> bryn(at)yugabyte(dot)com wrote:
>>
>> There must be some-or-other non-standard setting in my environment that results in the behavior that I see and that other's don't.
>
> From the documentation:
>
>> superuser status: A database superuser bypasses all permission checks, except the right to log in.
>
> If you do the test with a non-superuser, you'll get the results you expect. This isn't related to MacOS.
I didn't do the test with a superuser. I did it with a freshly-created role called "r1" created thus:
create role r1 with login password 'p';
grant connect on database play to r1;
The code that I copeid in my previous mail showed this. I double-checked thus:
select rolname, rolsuper::test, rolcanlogin::text
from pg_roles
where rolname !~ '^pg_'
order by rolname;
It produced this:
rolname | rolsuper | rolcanlogin
----------+----------+-------------
Bllewell | true | false
postgres | true | true
r1 | false | true
What are you seeing that I'm failing to?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christophe Pettus | 2022-09-13 18:47:52 | Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? |
| Previous Message | Christophe Pettus | 2022-09-13 18:30:00 | Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? |