| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Daniel Gomez Blanco <nanodgb(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Pros and cons of giving someone superuser privilege |
| Date: | 2014-04-25 14:52:24 |
| Message-ID: | 20140425145224.GN2556@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
* Daniel Gomez Blanco (nanodgb(at)gmail(dot)com) wrote:
> >From your reply and considering why I have just said, I think that, in our
> case, these users would be better off without superuser access. As for
> their day-to-day operations they wouldn't need it as long as they can
> create their databases and roles, and execute the rest of operations on the
> web interface.
Just to hit on this again- that means your users can't install any
extensions (not even those provided as part of PG through contrib).
Eventually, users will get upset by the lack of things like PostGIS.
They also can't create stored procedures using any of the untrusted
languages (of course, if they could, they could get access to the host,
so that may be a show-stopper anyway).
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gomez Blanco | 2014-04-25 15:09:43 | Re: Pros and cons of giving someone superuser privilege |
| Previous Message | Daniel Gomez Blanco | 2014-04-25 14:16:44 | Re: Pros and cons of giving someone superuser privilege |