Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)

From: Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>
To: Jeff Davis <pgsql(at)j-davis(dot)com>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "chap(at)anastigmatix(dot)net" <chap(at)anastigmatix(dot)net>, torikoshia <torikoshia(at)oss(dot)nttdata(dot)com>
Subject: Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date: 2021-10-19 22:26:20
Message-ID: CA5A934B-0B24-47F7-944A-32696FFB7696@enterprisedb.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> On Oct 19, 2021, at 3:18 PM, Jeff Davis <pgsql(at)j-davis(dot)com> wrote:
>
> On Tue, 2021-10-19 at 13:17 -0700, Mark Dilger wrote:
>> Wouldn't it be much cleaner to have superuser bypass the trigger?
>
> Maybe it could be a user property like "BYPASS_EVENT_TRIGGERS", and
> only superusers could adjust it (like the SUPERUSER and REPLICATION
> properties).
>
> I suppose it would default to BYPASS_EVENT_TRIGGERS for superusers and
> not for non-superusers. A little awkward to have different defaults,
> but it seems sensible in this case.
>
> Would this bypass all event triggers, or only the event triggers of
> another user?

The difficulty is that non-superuser owned event triggers could be something of a minefield for scripts run as superuser. The cleanest way around that would be to have them never fire in response to superuser actions. Installations could still have event triggers that cover all users, including superusers, as long as they have those triggers owned by superuser.

The implementation in the patch set does this, but with finer grained precision, because the universe of roles is divided into more than just superuser vs. non-superuser.


Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2021-10-19 22:52:46 Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Previous Message Bossart, Nathan 2021-10-19 22:25:35 Re: ALTER INDEX .. RENAME allows to rename tables/views as well