Postgres Pro
Downloads
Home   >   mailing lists

Re: Seeking practice recommendation: is there ever a use case to have two or more superusers? - Mailing list pgsql-general

From Bryn Llewellyn
Subject Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?
Date
Msg-id 40623F5C-5B99-4AFD-9AA6-ABFFE6B17606@yugabyte.com
Whole thread Raw
In response to Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?  ("Peter J. Holzer" <hjp-pgsql@hjp.at>)
Responses Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?  ("David G. Johnston" <david.g.johnston@gmail.com>)
Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?  (Adrian Klaver <adrian.klaver@aklaver.com>)
List pgsql-general
Tree view 
> hjp-pgsql@hjp.at wrote:
>
>> ronljohnsonjr@gmail.com wrote:
>>
>> [developers or devops folks] like to "fix" things without documenting what they did, and then, when
>> something breaks, denying they did anything (or honestly not believing that
>> whatever "trivial" thing they did could any major or deliterious impact).
>
> Which is why you want to automate deployments. When the easiest way to fix something in production is to just push
thechange into the repo, this is what people will do. When doing it the "proper" way is much more complicated than just
fudgingit, people will do the latter. 

Thanks to all who offered their views on my question. It seems that different people will reach different conclusions.
I’lltake this as permission to reach my own conclusion. 

Software systems in general often offer some freedoms that most people think should never be exercise. For example, PG
letsyou define a domain that has a not null constraint on one, or more, of its data attributes. But the doc 

https://www.postgresql.org/docs/current/sql-createdomain.html

tells you not to do this. (Look for « Best practice therefore is to design a domain's constraints so that a null value
isallowed... ».) I was rather slow to grasp the risks that ignoring this advice brings.. But I get it now.) 

At the other end of the spectrum, there’s generally accepted thinking on how to choose between a procedure or a
functionfor a particular new use case. But there are still plenty of such cases where opinions will vary and where each
preferencecan be defended with reasonable arguments. 

I haven’t seen anything in the PG doc that warns against creating additional superusers—so I suppose that this fact
tellsme something. Nevertheless, I remain convinced about what I’d recommend here: 

The default choice must be to allow only one superuser: the inevitable bootstrap superuser.

But I’ll concede that I should see this like many rules of recommended practice. Sometimes they get broken. This seems
mostoften to happen  as an expedient because the recommended practice requires too much effort. The general
second-orderadvice for such scenarios is to write down the rationale and to offer it up for peer review. And if there
areno peers who care, then all bets are anyway off...

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Duda sobre como imprimir un campo INTERVAL
Next
From: "David G. Johnston"
Date:
Subject: Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?