Re: Additional role attributes && superuser review

From: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Additional role attributes && superuser review
Date: 2015-04-30 00:20:04
Message-ID: 20150430002004.GL4369@alvh.no-ip.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Robert Haas wrote:

> I think that if you commit this the way you have it today, everybody
> will go, oh, look, Stephen committed something, but it looks
> complicated, I won't pay attention.

Yeah, that sucks.

> Finally, you've got the idea of making pg_ a reserved prefix for
> roles, adding some predefined roles, and giving them some predefined
> privileges. That should be yet another patch.

On this part I have a bit of a problem -- the prefix is not really
reserved, is it. I mean, evidently it's still possible to create roles
with the pg_ prefix ... otherwise, how come the new lines to
system_views.sql that create the "predefined" roles work in the first
place? I think if we're going to reserve role names, we should reserve
them for real: CREATE ROLE should flat out reject creation of such
roles, and the default ones should be created during bootstrap.

IMO anyway.

--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Gavin Flower 2015-04-30 00:33:57 Re: Additional role attributes && superuser review
Previous Message Tom Lane 2015-04-30 00:11:48 Re: Incompatible trig error handling