| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: CATUPDATE confusion? |
| Date: | 2015-02-26 03:01:02 |
| Message-ID: | 54EE8C6E.8090506@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2/25/15 3:39 PM, Stephen Frost wrote:
>> I'd get rid of that whole check, not just replace rolcatupdate by rolsuper.
>
> Err, wouldn't this make it possible to grant normal users the ability to
> modify system catalogs? I realize that they wouldn't have that
> initially, but I'm not sure we want the superuser to be able to grant
> that to non-superusers..
Why not? I thought we are trying to get rid of special superuser behavior.
After all, superusers can also make the other user a superuser to bypass
this issue.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-02-26 03:05:41 | Re: CATUPDATE confusion? |
| Previous Message | Stephen Frost | 2015-02-26 02:38:42 | Re: Odd behavior of updatable security barrier views on foreign tables |