> On Nov 23, 2022, at 11:02 AM, Robert Haas <robertmh...@gmail.com> wrote:
>
> For me, this
> clearly falls into the "good" category: it's configuration that you
> put into the database that makes things happen the way you want, not a
> behavior-changing setting that comes along and ruins somebody's day.

I had incorrectly imagined that if the bootstrap superuser granted CREATEROLE
to Alice with particular settings, those settings would limit the things that
Alice could do when creating role Bob, specifically limiting how much she could
administer/inherit/set role Bob thereafter. Apparently, your proposal only
configures what happens by default, and Alice can work around that if she wants
to. But if that's the case, did I misunderstand upthread that these are
properties the superuser specifies about Alice? Can Alice just set these
properties about herself, so she gets the behavior she wants? I'm confused now
about who controls these settings.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company