| From: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Orphaned users in PG16 and above can only be managed by Superusers |
| Date: | 2025-01-09 05:31:03 |
| Message-ID: | CAE9k0PmwJxFcajwnouQECsRWhtGSe0OeXP-BK=G+n1umjuqEBw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi All,
Starting from PG16, it seems that orphaned users can only be managed
by superusers. For example, if userA creates userB, and userB creates
userC, then both userB (the parent of userC) and userA (the
grandparent of userC) would typically have the ability to
manage/administer userC. However, if userB is dropped, userA (the
grandparent of userC) loses the ability to administer userC as well.
This leads to a situation where only superusers can manage userC.
Shouldn't userA retain the permission to manage userC even if userB is
removed? Otherwise, only superusers would have the authority to
administer userC (the orphaned user in this case), which may not be
feasible for cloud environments where superuser access is restricted.
--
With Regards,
Ashutosh Sharma.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Amit Kapila | 2025-01-09 05:50:21 | Re: Conflict detection for update_deleted in logical replication |
| Previous Message | Alexander Lakhin | 2025-01-09 05:00:01 | Re: Several buildfarm animals fail tests because of shared memory error |