On 1/29/17 4:44 PM, Stephen Frost wrote:
> * Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
>> On 1/26/17 1:25 PM, Simon Riggs wrote:
>>> That should include the ability to dump all objects, yet without any
>>> security details. And it should allow someone to setup logical
>>> replication easily, including both trigger based and new logical
>>> replication. And GRANT ON ALL should work.
>> This basically sounds like a GRANT $privilege ON ALL $objecttype TO
>> $user. So you could have a user that can read everything, for example.
>>
>> This kind of thing has been asked for many times, but that quieted down
>> when the default privileges feature appeared. I think it would still be
>> useful.
> Agreed. I would think we'd either do this with a default role or a role
> attribute.
Someone was asking for that on Slack the other day, because their
customer wanted it. Default privs would not fit the bill: they wanted to
grant specific roles the ability to read everything in the database (or
maybe cluster; I don't think the conversation got into that level of
detail).
--
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
855-TREBLE2 (855-873-2532)