Magnus Hagander <magnus@hagander.net> writes:
>> Yeah, what we really need is encapsulated per-DB users and local
>> superusers. I think every agrees that this is the goal, but nobody
>> wants to put in the work to implement a generalized solution.
> Encapsulated would probably be the doable part. But local superuser? Given
> that a superuser can load and run binaries, how would you propose you
> restrict that superuser from doing anything they want? And if you don't
> need that functionality, then hows it really different from being the
> database owner?
A local user with the superuser privilege would not be able to log into
another database, because superuser doesn't give you any extra privilege
until you've logged in.
Yeah, as superuser you could still break things as much as you pleased,
but not through SQL.
I share your doubts as to how useful such a concept actually is, but
it'd work if we had real local users.
regards, tom lane