Re: Creating extensions for non-superusers

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Alexandra Ryzhevich <aryzhevich(at)google(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Vladimir Rusinov <vrusinov(at)google(dot)com>, Dmitriy Potapov <atomsk(at)google(dot)com>
Subject: Re: Creating extensions for non-superusers
Date: 2018-08-13 14:45:07
Message-ID: CA+TgmobrJnvZz+7XdiMnn7T6S+xiZ+dQBFFm5HKZvzTTPs8fqA@mail.gmail.com
Lists: pgsql-hackers

On Fri, Aug 10, 2018 at 11:11 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> For my 2c, I'd like something along these lines when it comes to a
> capability but it's just not that simple.

It seems pretty simple to me. We have a bunch of other predefined
roles that allow otherwise-superuser-only operations to be delegated
to non-superusers. Alexandra's proposal to add one more seems like a
logical extension of that work. +1 from me.

> Further, while you might make it such that a non-superuser could install
> the extensions, those extensions may have superuser checks inside them
> as well which would need to be addressed or at least considered. There
> isn't too much point in installing an extension if everything that
> extension allows requires superuser rights.
>
> Lastly, you'll certainly want to look at some of the extensions to see
> if what they install are things you really want a non-superuser to be
> able to do, in particular in cases where you're getting an extension
> from a third party but there may even be cases in contrib where an
> extension, once installed, allows a non-superuser to do things that a
> hosted environment might prefer they didn't.

While these might be good things for an individual DBA to consider
before granting the new pg_create_extension privilege to a user on
their system, they don't in my mind have much to do with whether or
not we should add the feature in the first place. Our goal should be
to allow bits of superuser privilege to be given out according to
local policy; it is for individual DBAs to decide on what the local
policy should be, and the factors you mention are things they ought to
consider.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
