On 24 January 2017 at 13:19, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Simon Riggs <simon@2ndquadrant.com> writes:
>> So I was thinking about various annoying admin/security issues
>> recently, so I came up with this: a new type of user called a
>> “superowner”. It’s somewhere between a superuser and a normal user.
>> Superowner would own all objects defined by users, so it would do
>> useful things in contexts where superuser is not available.
>
> What about just saying that the database owner has those privileges?
> After all, the ultimate privilege of an owner is to drop the object
> (and then remake it as she pleases), and the DB owner has that option
> w.r.t. the whole database. So I'm not sure we need to invent a new
> concept.
Thinking about it, I've not seen dbowner != superuser in most cases,
so that works for me.
I guess I was expecting push back from people for backwards
compatibility, but it is 10.0
> With or without it being a separate property, there's a point I think
> you missed: this should only extend to objects owned by normal users,
> not by superusers. Otherwise there are all sorts of security issues.
Sure. That sounds like the right definition of what I was trying to specify.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services