> On Jul 26, 2021, at 1:12 PM, Robert Haas <robertmh...@gmail.com> wrote: > > Alice should not be permitted to preventing Bob > from doing something which Bob is allowed to do and Alice is not > allowed to do. That sounds intuitively reasonable, though it depends on what "which Bob is allowed to do" means. For instance, if Alice is only allowed to enable or disable connections to the database, and she disables them, then she has prevented Bob from, for example, creating tables, something which Bob is otherwise allowed to do, because without the ability to connect, he cannot create tables. — Mark Dilger EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
- Re: Delegating superuser tasks to new security roles (Was: ... Mark Dilger
- Re: Delegating superuser tasks to new security roles (... Stephen Frost
- Re: Delegating superuser tasks to new security roles (... Robert Haas
- Re: Delegating superuser tasks to new security rol... Mark Dilger
- Re: Delegating superuser tasks to new security... Mark Dilger
- Re: Delegating superuser tasks to new security... Mark Dilger
- Re: Delegating superuser tasks to new security... Stephen Frost
- Re: Delegating superuser tasks to new security... Robert Haas
- Re: Delegating superuser tasks to new security... Robert Haas
- Re: Delegating superuser tasks to new security... Mark Dilger
- Re: Delegating superuser tasks to new security... Stephen Frost
- Re: Delegating superuser tasks to new security... Robert Haas
- Re: Delegating superuser tasks to new security... Tom Lane
- Re: Delegating superuser tasks to new security... Alvaro Herrera
- Re: Delegating superuser tasks to new security... Stephen Frost
- Re: Delegating superuser tasks to new security... Tom Lane
- Re: Delegating superuser tasks to new security... Alvaro Herrera
- Re: Delegating superuser tasks to new security... Tom Lane
- Re: Delegating superuser tasks to new security... Tom Lane
- Re: Delegating superuser tasks to new security... Robert Haas