* Magnus Hagander (mag...@hagander.net) wrote: > On Wed, Mar 12, 2014 at 3:52 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > > I share your doubts as to how useful such a concept actually is, but > > it'd work if we had real local users. > > > It can also do interesting things like ALTER SYSTEM, replication, backups, > etc. All of which could be used to escalate privileges beyond the local > database.
Probably DROP ROLE for global users too. > So you'd have to somehow restrict those, at which point what's the point of > the property in the first place? We've been asked quite often for a not-quite-superuser, as in, one which can bypass the normal GRANT-based permission system but which can't do things like create untrusted functions or do other particularly bad activities. I can certainly see value in that. Another oft-requested option is a read-only role which pg_dump or an auditor could use. Anyway, this is getting a bit far afield from the original discussion, which looked like it might actually be heading somewhere interesting.. Thanks, Stephen
signature.asc
Description: Digital signature