Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Bryn Llewellyn <bryn(at)yugabyte(dot)com>
Cc: "Peter J(dot) Holzer" <hjp-pgsql(at)hjp(dot)at>, ronljohnsonjr(at)gmail(dot)com, gogala(dot)mladen(at)gmail(dot)com, pgsql-general list <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?
Date: 2022-11-21 02:32:42
Message-ID: CAKFQuwY80DKQyM7Pd5ygp5CO5OA0F0xRzrk2G=eErvn4P8XoFg@mail.gmail.com
Lists: pgsql-general

On Sun, Nov 20, 2022 at 6:48 PM Bryn Llewellyn <bryn(at)yugabyte(dot)com> wrote:

> I haven’t seen anything in the PG doc that warns against creating
> additional superusers—so I suppose that this fact tells me something.
> Nevertheless, I remain convinced about what I’d recommend here:
>
> The default choice must be to allow only one superuser: the inevitable
> bootstrap superuser.
>

If you are talking about your specific setup then it isn't a
recommendation, it's a policy that you are defining. Do what you've
concluded is best, you are the one that will end up answering for it.

IMO, there is no good blanket recommendation to give to someone else as to
how their policy should be written. Security, especially of this sort,
needs to be architected. And when doing that evaluation, and drawing those
conclusions, there is no reason to exclude, a priori, having multiple named
superusers as part of the final policy. Especially since any policy of
this requires not only discussion of PostgreSQL itself but operating
systems, configuration management, etc.

David J.
