On 11/21/22 9:40 AM, Bryn Llewellyn wrote:
adrian.kla...@aklaver.com wrote:

Then there’s this (from the doc):

It is good practice to create a role that has the CREATEDB and CREATEROLE 
privileges, but is not a superuser, and then use this role for all routine 
management of databases and roles. This approach avoids the dangers of 
operating as a superuser for tasks that do not really require it.


That, too, reads like a recommendation that intends to inform a security 
policy. But, I suppose, one could argue that saying something “is good 
practice” is very different from making a recommendation.

Consider this wording. It also uses “good practice”.

«
It is good practice to limit the number of superuser roles that exist in a 
cluster to exactly one: the inevitable bootstrap superuser. This recognizes the 
fact that, once the initial configuration of a cluster has been done 
immediately after its creation (which configuration is done while still in 
self-imposed single-user mode), there are then very few, and infrequent, tasks 
that require the power of the superuser role.
»

Nobody supports it!

I went back through the thread and don't see anywhere when you made the above statement, correct me if I am wrong. In that case there was nothing to support or not support until now.

What people were responding to was the title of the thread:

"Seeking practice recommendation: is there ever a use case to have two or more superusers?"

That is a different ask.



I’m puzzled why the good practice statement about a role with the CREATEDB and 
CREATEROLE attributes earns a place in the doc while nobody at all is prepared 
to make a practice statement about how many superusers is good. I’d like very 
much to understand the critical parts that I’m missing of the essential mental 
model in this general space.




--
Adrian Klaver
adrian.kla...@aklaver.com

