Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

From Jeff Davis
Subject Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date
Msg-id 254d5da17496b75ee9d58a19df358d4fccb6c8f6.camel@j-davis.com
Whole thread Raw
In response to Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
On Wed, 2021-10-20 at 16:36 -0400, Stephen Frost wrote:
> > I think that's basically giving up the important part of this idea,
> > which is to allow meaningful administration without superuser
> > privileges. "highly-privileged roles only" sounds like in practice
> > it
> > would amount to the superuser or someone who can become the
> > superuser
> > -- and thus probably wouldn't include the "master tenant" role in a
> > service provider environment.
> 
> I’m in agreement with Robert on this point.

I'm OK to move past this and continue with Mark's approach.

Noah made the original complaint, though, so he might have something to
add.

Regards,
    Jeff Davis





pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Assorted improvements in pg_dump
Next
From: "Bossart, Nathan"
Date:
Subject: Re: parallelizing the archiver