Home > mailing lists

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date	October 21, 2021 00:55:54
Msg-id	254d5da17496b75ee9d58a19df358d4fccb6c8f6.camel@j-davis.com Whole thread Raw
In response to	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On Wed, 2021-10-20 at 16:36 -0400, Stephen Frost wrote:
> > I think that's basically giving up the important part of this idea,
> > which is to allow meaningful administration without superuser
> > privileges. "highly-privileged roles only" sounds like in practice
> > it
> > would amount to the superuser or someone who can become the
> > superuser
> > -- and thus probably wouldn't include the "master tenant" role in a
> > service provider environment.
> 
> I’m in agreement with Robert on this point.

I'm OK to move past this and continue with Mark's approach.

Noah made the original complaint, though, so he might have something to
add.

Regards,
    Jeff Davis

pgsql-hackers by date:

From: Tom Lane
Date: 21 October 2021, 00:14:45
Subject: Assorted improvements in pg_dump

From: "Bossart, Nathan"
Date: 21 October 2021, 01:20:21
Subject: Re: parallelizing the archiver

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

Previous

Next