Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)

Поиск
Список
Период
Сортировка
От Noah Misch
Тема Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Дата
Msg-id 20210528060618.GC3936145@rfd.leadboat.com
обсуждение исходный текст
Ответ на Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)  (Mark Dilger <mark.dilger@enterprisedb.com>)
Ответы Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)  (Mark Dilger <mark.dilger@enterprisedb.com>)
Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)  (Mark Dilger <mark.dilger@enterprisedb.com>)
Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)  (Jeff Davis <pgsql@j-davis.com>)
Список pgsql-hackers
Дерево обсуждения 
On Tue, May 25, 2021 at 01:33:54PM -0700, Mark Dilger wrote:
> v3-0001 adds a new pg_logical_replication role with permission to manage publications and subscriptions.

> v3-0004 adds a new pg_database_security role with permission to perform many
> actions that would otherwise require superuser, so long as those actions do
> not compromise the security of the host or network.  This role, along with
> pg_logical_replication, is intended to be safe to delegate to the tenant of
> a database provided as a service.

pg_logical_replication would not be safe to delegate that way:
https://postgr.es/m/flat/CACqFVBbx6PDq%2B%3DvHM0n78kHzn8tvOM-kGO_2q_q0zNAMT%2BTzdA%40mail.gmail.com

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Kyotaro Horiguchi
Дата:
Сообщение: Re: Race condition in recovery?
Следующее
От: Neil Chen
Дата:
Сообщение: Re: storing an explicit nonce