Home > mailing lists

Re: Streaming replication as a separate permissions - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Streaming replication as a separate permissions
Date	January 3, 2011 15:20:57
Msg-id	20326.1294071638@sss.pgh.pa.us Whole thread Raw
In response to	Re: Streaming replication as a separate permissions (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: Streaming replication as a separate permissions Re: Streaming replication as a separate permissions
List	pgsql-hackers

Tree view

Robert Haas <robertmhaas@gmail.com> writes:
> On the other hand, the REPLICATION privilege is denying you the right to
> perform an operation *even though you already are authenticated as a
> superuser*.  I don't think there's anywhere else in the system where
> we allow a privilege to non-super-users but deny that same privilege
> to super-users, and I don't think we should be starting now.

You might want to reflect on rolcatupdate a bit before asserting that
there are no cases where privileges are ever denied to superusers.

However, that precedent would suggest that the default should be to
grant the replication bit to superusers.
        regards, tom lane

pgsql-hackers by date:

From: Magnus Hagander
Date: 03 January 2011, 15:19:33
Subject: Re: Scanning pg_tablespace from walsender

From: Robert Haas
Date: 03 January 2011, 15:21:25
Subject: Re: Re: new patch of MERGE (merge_204) & a question about duplicated ctid

Re: Streaming replication as a separate permissions - Mailing list pgsql-hackers

Previous

Next