> From: Kevin Grittner <Kevin.Grittner@wicourts.gov>
>Glyn Astill <glynastill@yahoo.co.uk> wrote:
>
>> How can I specifically catch superusers?
>
> Create a group (nobody?) that you don't grant to any users. Only
> superusers will be a member of it.
>
Ah of course, simple, thanks Kevin.
I can't help but feel that there should be something in the docs for 9.0 to specify this, since it is a behaviour
differencefrom 8.4 and earlier.
The docs (http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html) do say:
"Recall that there is no real distinction between users and groups in PostgreSQL; a + mark really means "match
anyof the roles that are directly or indirectly members of this role", while a name without a + mark
matches onlythat specific role"
Maybe the docs should be embellished to also say "since a superuser is automatically considered a member of any group,
itshould be taken into account that names with a + mark will affect all superusers (although this was not the case
priorto 9.0)" or something along those lines.
Glyn