Re: Proposal: access control jails (and introduction as aspiring GSoC student) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date
Msg-id 4567.1269370729@sss.pgh.pa.us
Whole thread Raw
In response to Re: Proposal: access control jails (and introduction as aspiring GSoC student)  (Alvaro Herrera <alvherre@commandprompt.com>)
Responses Re: Proposal: access control jails (and introduction as aspiring GSoC student)
List pgsql-hackers
Alvaro Herrera <alvherre@commandprompt.com> writes:
> Robert Haas escribi�:
>> On Tue, Mar 23, 2010 at 1:28 PM, Josh Berkus <josh@agliodbs.com> wrote:
>>> BTW, if you wanted something less ambitious, we have a longstanding
>>> request to implement "local superuser", that is, the ability to give one
>>> role the ability to edit other roles in one database only.
>> 
>> But roles aren't database-specific...  they're globals.

> Well, that's another longstanding request ;-)  (See the
> db_user_namespace hack)

Yeah, you'd have to fix that first.  The "ambitious" part of that is
coming up with a spec that everybody will accept.  Once you had that,
coding it might not be very hard ...

BTW, "local superuser" is an oxymoron.  If you're superuser you'd have
no trouble whatsoever breaking into other databases.  "Local CREATEROLE"
privilege could be a sane concept, though, if we had local roles.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Gokulakannan Somasundaram
Date:
Subject: Re: Deadlock possibility in _bt_check_unique?
Next
From: Gokulakannan Somasundaram
Date:
Subject: Re: Deadlock possibility in _bt_check_unique?