Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)

Поиск
Список
Период
Сортировка
От Mark Dilger
Тема Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Дата
Msg-id 6E892218-B431-4BAE-9E2D-8DF3741A58EA@enterprisedb.com
обсуждение исходный текст
Ответ на Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)  (Robert Haas <robertmhaas@gmail.com>)
Список pgsql-hackers
Дерево обсуждения 

> On Jul 26, 2021, at 1:12 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>
> Alice should not be permitted to preventing Bob
> from doing something which Bob is allowed to do and Alice is not
> allowed to do.

That sounds intuitively reasonable, though it depends on what "which Bob is allowed to do" means.  For instance, if
Aliceis only allowed to enable or disable connections to the database, and she disables them, then she has prevented
Bobfrom, for example, creating tables, something which Bob is otherwise allowed to do, because without the ability to
connect,he cannot create tables. 

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Следующее
От: Tom Lane
Дата:
Сообщение: Re: Removing "long int"-related limit on hash table sizes