On Tue, Mar 28, 2017 at 1:52 PM, Mark Dilger <hornschnorter@gmail.com> wrote:
>
>> On Mar 28, 2017, at 9:55 AM, Robert Haas <robertmhaas@gmail.com> wrote:
>>
>> On Tue, Mar 28, 2017 at 12:47 PM, Dave Page <dpage@pgadmin.org> wrote:
>>>> I don't see any precedent in the code for having a hardcoded role, other than
>>>> superuser, and allowing privileges based on a hardcoded test for membership
>>>> in that role. I'm struggling to think of all the security implications of that.
>>>
>>> This would be the first.
>>
>> Isn't pg_signal_backend an existing precedent?
>
> Sorry, I meant to say that there is no precedent for allowing access to data based
> on a hardcoded test for membership in a role other than superuser.
This doesn't allow access to data, except through monitoring of
queries that are executed (e.g. full access to pg_stat_activity) -
which you can avoid by not using the role if that's your choice.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company