| From: | Simon Riggs <simon(at)2ndquadrant(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Superowners |
| Date: | 2017-01-24 14:12:39 |
| Message-ID: | CANP8+jLDFm_W0go0ROX+LuKkpYkxEaVzQKbbBxnK19BBvzgqVA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 24 January 2017 at 13:19, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Simon Riggs <simon(at)2ndquadrant(dot)com> writes:
>> So I was thinking about various annoying admin/security issues
>> recently, so I came up with this: a new type of user called a
>> “superowner”. It’s somewhere between a superuser and a normal user.
>> Superowner would own all objects defined by users, so it would do
>> useful things in contexts where superuser is not available.
>
> What about just saying that the database owner has those privileges?
> After all, the ultimate privilege of an owner is to drop the object
> (and then remake it as she pleases), and the DB owner has that option
> w.r.t. the whole database. So I'm not sure we need to invent a new
> concept.
Thinking about it, I've not seen dbowner != superuser in most cases,
so that works for me.
I guess I was expecting push back from people for backwards
compatibility, but it is 10.0
> With or without it being a separate property, there's a point I think
> you missed: this should only extend to objects owned by normal users,
> not by superusers. Otherwise there are all sorts of security issues.
Sure. That sounds like the right definition of what I was trying to specify.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashutosh Bapat | 2017-01-24 14:19:57 | Re: pg_hba_file_settings view patch |
| Previous Message | Tom Lane | 2017-01-24 14:08:27 | Re: [PATCH] Generic type subscription |