Andres,
* Andres Freund (andres@anarazel.de) wrote:
> On 2017-01-25 18:04:09 -0500, Stephen Frost wrote:
> > Robert's made it clear that he'd like to have a blanket rule that we
> > don't have superuser checks in these code paths if they can be GRANT'd
> > at the database level, which goes beyond pg_ls_dir.
>
> That seems right to me. I don't see much benefit for the superuser()
> style checks, with a few exceptions. Granting by default is obviously
> an entirely different question.
Well, for my part at least, I disagree. Superuser is a very different
animal, imv, than privileges which can be GRANT'd, and I feel that's an
altogether good thing.
> In other words, you're trying to force people to do stuff your preferred
> way, instead of allowing them to get things done is a reasonable manner.
Apparently we disagree about what is a 'reasonable manner'.
Thanks!
Stephen
