Re: Granting control of SUSET gucs to non-superusers

Поиск
Список
Период
Сортировка
От Isaac Morland
Тема Re: Granting control of SUSET gucs to non-superusers
Дата
Msg-id CAMsGm5eDn7uBcit=aBvOSmUvPxrdpp1GZZyPVjL+9fUiYm_f8A@mail.gmail.com
обсуждение исходный текст
Ответ на Re: Granting control of SUSET gucs to non-superusers  (Mark Dilger <mark.dilger@enterprisedb.com>)
Список pgsql-hackers
Дерево обсуждения
On Fri, 30 Apr 2021 at 22:00, Mark Dilger <mark.dilger@enterprisedb.com> wrote:
 
Viewing all of this in terms of which controls allow the tenant to escape a hypothetical sandbox seems like the wrong approach.  Shouldn't we let service providers decide which controls would allow the tenant to escape the specific sandbox the provider has designed?

I’m not even sure I should be mentioning this possibility, but what if we made each GUC parameter a grantable privilege? I’m honestly not sure if this is insane or not. I mean numerically it’s a lot of privileges, but conceptually it’s relatively simple.

What I like the least about it is actually the idea of giving up entirely on the notion of grouping privileges into reasonable packages: some of these privileges would be quite safe to grant in many or even most circumstances, while others would usually not be reasonable to grant.

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Mark Dilger
Дата:
Сообщение: Re: Granting control of SUSET gucs to non-superusers
Следующее
От: Masahiko Sawada
Дата:
Сообщение: Re: Transactions involving multiple postgres foreign servers, take 2