* Magnus Hagander ([email protected]) wrote:
> On Wed, Mar 12, 2014 at 3:52 PM, Tom Lane <[email protected]> wrote:
> > I share your doubts as to how useful such a concept actually is, but
> > it'd work if we had real local users.
>
> It can also do interesting things like ALTER SYSTEM, replication, backups,
> etc. All of which could be used to escalate privileges beyond the local
> database.

Probably DROP ROLE for global users too.

> So you'd have to somehow restrict those, at which point what's the point of
> the property in the first place?

We've been asked quite often for a not-quite-superuser, as in, one which
can bypass the normal GRANT-based permission system but which can't do
things like create untrusted functions or do other particularly bad
activities. I can certainly see value in that. Another oft-requested
option is a read-only role which pg_dump or an auditor could use.

Anyway, this is getting a bit far afield from the original discussion,
which looked like it might actually be heading somewhere interesting..

Thanks,

Stephen
