* Peter Eisentraut (pete...@gmx.net) wrote: > On 2/25/15 3:39 PM, Stephen Frost wrote: > >> I'd get rid of that whole check, not just replace rolcatupdate by rolsuper. > > > > Err, wouldn't this make it possible to grant normal users the ability to > > modify system catalogs? I realize that they wouldn't have that > > initially, but I'm not sure we want the superuser to be able to grant > > that to non-superusers.. > > Why not? I thought we are trying to get rid of special superuser behavior.
Agreed, but I'd also like to get rid of any reason, beyond emergency cases, for people to modify the catalog directly. There's a few places which we aren't yet doing that, but I'd rather fix those cases than encourage people to give out rights to modify them and end up making things like: "UPDATE pg_database SET datallowconn = false where datname = 'xyz';" an accepted interface. > After all, superusers can also make the other user a superuser to bypass > this issue. Sure, but that gives us the option to write off whatever happens next as not our fault. Thanks, Stephen
signature.asc
Description: Digital signature