Re: Any way to have CREATEUSER privs without having all privs?
| От | Ezra Epstein |
|---|---|
| Тема | Re: Any way to have CREATEUSER privs without having all privs? |
| Дата | |
| Msg-id | MOOdnUQVgI7ODmaiXTWc-g@speakeasy.net обсуждение |
| Ответ на | Any way to have CREATEUSER privs without having all privs? ("ezra epstein" <ee_newsgroup_post@prajnait.com>) |
| Список | pgsql-general |
"Tom Lane" <tgl@sss.pgh.pa.us> wrote in message news:6596.1073173257@sss.pgh.pa.us... > "ezra epstein" <ee_newsgroup_post@prajnait.com> writes: > > Basically I want a login user that can then set session auth... to any other > > user but otherwise has no privs. > > You have not thought this through. > > If user X can become any other user Y, then he can do anything that is > doable within the system. Pretending that he is not superuser is > pointless. > > regards, tom lane > I know, I know.... It's like I want something that just isn't possible. I want good DB-level security in the app without requiring the overhead of per-userid login: so connection pools can work. The app could be careful with super user... but it is probably better to just go the ordinary route of an app account with enough privs to do everything and then have the app/servlet container manage security. Thanks, == EE
В списке pgsql-general по дате отправления: