From: | Daniel Gomez Blanco <nanodgb(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: Pros and cons of giving someone superuser privilege |
Date: | 2014-04-25 15:09:43 |
Message-ID: | CAL4HELcX=hfDugeuDVa_-+=ju3F0ktRiLcNu3UxrfR4BANAUsQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
We provide some extensions by default, and would be willing to install more
extensions if needed. The point about stored procedures is a good point
though.
Thanks for your input!
Daniel
On 25 April 2014 16:52, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Daniel Gomez Blanco (nanodgb(at)gmail(dot)com) wrote:
> > >From your reply and considering why I have just said, I think that, in
> our
> > case, these users would be better off without superuser access. As for
> > their day-to-day operations they wouldn't need it as long as they can
> > create their databases and roles, and execute the rest of operations on
> the
> > web interface.
>
> Just to hit on this again- that means your users can't install any
> extensions (not even those provided as part of PG through contrib).
> Eventually, users will get upset by the lack of things like PostGIS.
>
> They also can't create stored procedures using any of the untrusted
> languages (of course, if they could, they could get access to the host,
> so that may be a show-stopper anyway).
>
> Thanks,
>
> Stephen
>
From | Date | Subject | |
---|---|---|---|
Next Message | Henry Korszun | 2014-04-25 17:37:13 | |
Previous Message | Stephen Frost | 2014-04-25 14:52:24 | Re: Pros and cons of giving someone superuser privilege |