Stephen Frost <sfrost@snowman.net> writes:
> Independent of other things, getting to the point where everything can
> be done in the database without the need for superuser is absolutely a
> good goal to be striving for, not something to be avoiding.
> I don't think that makes superuser become 'dummy', but perhaps the
> only explicit superuser check we end up needing is "superuser is a
> member of all roles". That would be a very cool end state.
I'm not entirely following how that's going to work. It implies that
there is some allegedly-not-superuser role that has the ability to
become superuser -- either within SQL or by breaking out to the OS --
because certainly a superuser can do those things.
I don't think we're serving any good purpose by giving people the
impression that roles with such permissions are somehow not
superuser-equivalent. Certainly, the providers who don't want to
give users superuser are just going to need a longer list of roles
they won't give access to (and they probably won't be pleased about
having to vet every predefined role carefully).
regards, tom lane