Tom Lane <tgl@sss.pgh.pa.us> writes:
>> That's called sudo on linux. I propose that we stick to such a name.
>
> I'm not impressed with that name: it will mean nothing to Windows users,
> nor for that matter to many non-sysadmin types on Unix.
Fair enough.
>> Do we want a more general SUDO facility in PostgreSQL? It would be, I
>> guess, about the same thing as SET ROLE postgres;
>
> Yeah, I think SET ROLE already covers that territory.
Yes, except for the need of CREATE EXTENSION where you would want to
delegate to power to database owner without granting them superuser at
will. So I agree with your statement that we need something more than
what we already have here, even if under the hood it will probably end
up using existing mechanisms.
> The point of the current proposal is to grant a very limited subset of
> superuser privileges --- specifically, the right to install specific
> extensions --- to database owners. Maybe it'd make sense to eliminate
> the tie to database ownership and instead consider that you're allowed
> to do this if you're a member of some predefined role, which then would
> typically be GRANTed to database owners or other semi-trustworthy people.
> But we don't currently have any predefined group roles like that, so
> it'd be a rather large departure from past practice.
I think we have something like that, in fact, with the replication
privilege. We could have an "extension" privilege that defaults to
being granted to database owners, and that would behave like SET ROLE
superuser; when issuing extension related features.
Regards,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support