Home > mailing lists

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

From	Alvaro Herrera
Subject	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date	July 27, 2021 00:16:25
Msg-id	202107262116.cqtg2wflgsyx@alvherre.pgsql Whole thread Raw
In response to	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On 2021-Jul-26, Tom Lane wrote:

> Stephen Frost <sfrost@snowman.net> writes:
> > ... Tom's suggestion
> > would work, of course, but it would mean having to create event triggers
> > for all the roles in the system, and would those roles who own those
> > event triggers be able to disable them..?
> 
> Uh, why not?  If you own the trigger, you can drop it, so why shouldn't
> you be able to temporarily disable it?

I think an auditing system that can be turned off by the audited user is
pretty much useless.  Or did I misunderstood what you are suggesting?

-- 
Álvaro Herrera              Valdivia, Chile  —  https://www.EnterpriseDB.com/
"Crear es tan difícil como ser libre" (Elsa Triolet)

pgsql-hackers by date:

From: Tom Lane
Date: 27 July 2021, 00:01:56
Subject: Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)

From: Tom Lane
Date: 27 July 2021, 00:25:27
Subject: Re: automatically generating node support functions

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

Previous

Next