Re: Streaming replication as a separate permissions - Mailing list pgsql-hackers

From Simon Riggs
Subject Re: Streaming replication as a separate permissions
Date
Msg-id 1293438742.1193.61839.camel@ebony
Whole thread Raw
In response to Streaming replication as a separate permissions  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Streaming replication as a separate permissions
List pgsql-hackers
On Thu, 2010-12-23 at 10:53 +0100, Magnus Hagander wrote:

> Here's a patch that changes walsender to require a special privilege
> for replication instead of relying on superuser permissions. We
> discussed this back before 9.0 was finalized, but IIRC we ran out of
> time. The motivation being that you really want to use superuser as
> little as possible - and since being a replication slave is a read
> only role, it shouldn't require the maximum permission available in
> the system.

Is backup part of this new privilege, or not?

I think if we're going to introduce a new level of privilege, then we
should introduce all delegatable privs in one software release. Much
better than having someone think up a new delegatable priv each release
for next 5 years.

Other possible ones include unsafe PL creation, seeing logged SQL etc..

-- Simon Riggs           http://www.2ndQuadrant.com/books/PostgreSQL Development, 24x7 Support, Training and Services



pgsql-hackers by date:

Previous
From: Simon Riggs
Date:
Subject: Re: unlogged tables v5
Next
From: Simon Riggs
Date:
Subject: Re: sepgsql contrib module