> On Nov 23, 2022, at 11:02 AM, Robert Haas <robertmhaas@gmail.com> wrote:
>
> For me, this
> clearly falls into the "good" category: it's configuration that you
> put into the database that makes things happen the way you want, not a
> behavior-changing setting that comes along and ruins somebody's day.
I had incorrectly imagined that if the bootstrap superuser granted CREATEROLE to Alice with particular settings, those
settingswould limit the things that Alice could do when creating role Bob, specifically limiting how much she could
administer/inherit/setrole Bob thereafter. Apparently, your proposal only configures what happens by default, and
Alicecan work around that if she wants to. But if that's the case, did I misunderstand upthread that these are
propertiesthe superuser specifies about Alice? Can Alice just set these properties about herself, so she gets the
behaviorshe wants? I'm confused now about who controls these settings.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
