On Dec24, 2010, at 05:00 , Tom Lane wrote:
> Florian Pflug <fgp@phlo.org> writes:
>> The problem here is that you suggest NOLOGIN should mean "Not allowed
>> to issue SQL commands", which really isn't what the name "NOLOGIN"
>> conveys.
>
> No, it means "not allowed to connect".
Exactly. Which proves my point, unless you're ready to argue that
replication connections somehow don't count as "connections".
> It's possible now to issue
> commands as a NOLOGIN user, you just have to use SET ROLE to become the
> user. I think you're arguing about a design choice that was already
> made some time ago.
You've lost me, how is that an argument in your favour? I *wasn't* arguing
that NOLOGIN ought to mean "No allowed to issue SQL commands". It was what
*your* proposal of letting a role connect for replication purposes despite
a NOLOGIN flag would *make* NOLOGIN mean.
best regards,
Florian Pflug