Home > mailing lists

Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo - Mailing list pgsql-committers

From	Andrew Dunstan
Subject	Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo
Date	November 3, 2011 20:04:22
Msg-id	4EB2F3B3.6020509@dunslane.net Whole thread Raw
In response to	Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-committers

Tree view

On 11/03/2011 03:16 PM, Tom Lane wrote:
> Andrew Dunstan<andrew@dunslane.net>  writes:
>> Do not treat a superuser as a member of every role for HBA purposes.
>> This makes it possible to use reject lines with group roles.
> As committed, this patch also changes the behavior of "samerole", but
> the doc update fails to reflect that.
>
>

I'm happy to update the docs if you think it's necessary. I think this
is desired behaviour, for the same reason as for named roles, namely
that you can add superusers to the list if necessary. I can't think of a
sane case where this would make a difference, but I'm happy to be
pedantic if you like.

cheers

andrew

pgsql-committers by date:

From: Tom Lane
Date: 03 November 2011, 19:17:05
Subject: Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo

From: Andrew Dunstan
Date: 03 November 2011, 20:35:05
Subject: pgsql: Role membership of superusers is only by explicit membership for

Re: pgsql: Do not treat a superuser as a member of every role for HBA purpo - Mailing list pgsql-committers

Previous

Next