| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Jacob Champion <pchampion(at)vmware(dot)com>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, "chap(at)anastigmatix(dot)net" <chap(at)anastigmatix(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, torikoshia <torikoshia(at)oss(dot)nttdata(dot)com> |
| Subject: | Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) |
| Date: | 2021-10-20 21:55:54 |
| Message-ID: | 254d5da17496b75ee9d58a19df358d4fccb6c8f6.camel@j-davis.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 2021-10-20 at 16:36 -0400, Stephen Frost wrote:
> > I think that's basically giving up the important part of this idea,
> > which is to allow meaningful administration without superuser
> > privileges. "highly-privileged roles only" sounds like in practice
> > it
> > would amount to the superuser or someone who can become the
> > superuser
> > -- and thus probably wouldn't include the "master tenant" role in a
> > service provider environment.
>
> I’m in agreement with Robert on this point.
I'm OK to move past this and continue with Mark's approach.
Noah made the original complaint, though, so he might have something to
add.
Regards,
Jeff Davis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bossart, Nathan | 2021-10-20 22:20:21 | Re: parallelizing the archiver |
| Previous Message | Tom Lane | 2021-10-20 21:46:01 | Re: Can we get rid of repeated queries from pg_dump? |