Re: non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok?

Поиск
Список
Период
Сортировка
От Mark Dilger
Тема Re: non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok?
Дата
Msg-id F1EFCFFF-EC9E-42D1-9C3C-3741C553CE34@enterprisedb.com
обсуждение исходный текст
Ответ на non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok?  (Ashutosh Sharma <ashu.coek88@gmail.com>)
Ответы Re: non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok?  (Ashutosh Sharma <ashu.coek88@gmail.com>)
Список pgsql-hackers
Дерево обсуждения 

> On Sep 30, 2021, at 3:07 AM, Ashutosh Sharma <ashu.coek88@gmail.com> wrote:
>
> While working on one of the internal projects I noticed that currently in Postgres, we do not allow normal users to
alterattributes of the replication user. However we do allow normal users to drop replication users or to even rename
itusing the alter command. Is that behaviour ok? If yes, can someone please help me understand how and why this is
okay.

The definition of CREATEROLE is a bit of a mess.  Part of the problem is that roles do not have owners, which makes the
permissionsto drop roles work differently than for other object types.  I have a patch pending [1] for the version 15
developmentcycle that fixes this and other problems.  I'd appreciate feedback on the design and whether it addresses
yourconcerns. 

[1] https://commitfest.postgresql.org/34/3223/

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Dmitry Dolgov
Дата:
Сообщение: Re: pg_stat_statements and "IN" conditions
Следующее
От: Jacob Champion
Дата:
Сообщение: Re: Support for NSS as a libpq TLS backend