Re: One Role, Two Passwords

From: Florian Pflug <fgp(at)phlo(dot)org>
To: Daniel Farina <drfarina(at)acm(dot)org>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: One Role, Two Passwords
Date: 2011-01-21 02:17:39
Message-ID: 702246FD-DB04-475C-B4F6-D9B8AF8844C9@phlo.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Jan21, 2011, at 03:14 , Daniel Farina wrote:
> On Thu, Jan 20, 2011 at 6:12 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>> On Thu, Jan 20, 2011 at 9:07 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>>> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>>>> It strikes me that it would be useful to have a GUC that sets the
>>>> owner of any new objects you create (much as you can control their
>>>> default schemas using search_path).
>>>
>>> There was a great deal of discussion along these lines over the summer
>>> of '09 (iirc) with regard to default owners and with the default
>>> privileges patch. I encourage you to try and make it happen though.
>>
>> I'm not likely to write a patch for it, but if someone else writes one
>> I would be willing to (a) support it and (b) subject to consensus,
>> commit it.
>
> Wouldn't this require a client application to issue the GUC setting?
> Or could I somehow tell a role "You create objects as this user, and
> you cannot change this."

You could do ALTER ROLE SET default_owner TO <whatever>. Nothing would
prevent the user from resetting default_owner, though - but do you really
need to protect against that?

best regards,
Florian Pflug

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Kevin Grittner 2011-01-21 02:17:42 Re: REVIEW: EXPLAIN and nfiltered
Previous Message Robert Haas 2011-01-21 02:16:43 Re: ToDo List Item - System Table Index Clustering