| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Keith Fiske <keith(at)omniti(dot)com>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #6264: Superuser does not have inherent Replication permission |
| Date: | 2011-10-27 18:18:53 |
| Message-ID: | 2308.1319739533@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> ... If we do decide to change the
> behavior, we'd better carefully document that if you want to make
> someone a superuser without giving them replication privileges (or
> revoke their superuser status without revoking replication
> privileges), you need to specify both ALTER TABLE options.
You'd also have to be careful about processing-order dependencies;
consider
ALTER USER joe NOREPLICATION SUPERUSER;
which would do the wrong thing with a naive implementation.
> All in all I'm somewhat inclined to think we should just patch the
> docs. 9.1 hasn't been out for very long, so maybe expectations aren't
> too settled yet, but changing security-critical behavior in back
> branches doesn't seem like a wonderful idea; and I think I mildly
> prefer the current semantics to the proposed ones.
+1
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gavin Flower | 2011-10-27 19:03:09 | Re: Add statistics_collector_listen_addresses to fix hard-coding of "localhost" |
| Previous Message | Robert Haas | 2011-10-27 17:45:34 | Re: BUG #6264: Superuser does not have inherent Replication permission |