Home > mailing lists

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date	October 20, 2021 01:18:55
Msg-id	5c14df3f1b39f1931d2b4602d3adab9550523f80.camel@j-davis.com Whole thread Raw
In response to	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Mark Dilger <mark.dilger@enterprisedb.com>)
Responses	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
List	pgsql-hackers

Tree view

On Tue, 2021-10-19 at 13:17 -0700, Mark Dilger wrote:
> Wouldn't it be much cleaner to have superuser bypass the trigger?

Maybe it could be a user property like "BYPASS_EVENT_TRIGGERS", and
only superusers could adjust it (like the SUPERUSER and REPLICATION
properties).

I suppose it would default to BYPASS_EVENT_TRIGGERS for superusers and
not for non-superusers. A little awkward to have different defaults,
but it seems sensible in this case.

Would this bypass all event triggers, or only the event triggers of
another user?

Regards,
    Jeff Davis

pgsql-hackers by date:

From: Alvaro Herrera
Date: 20 October 2021, 01:12:51
Subject: Re: ALTER INDEX .. RENAME allows to rename tables/views as well

From: "Bossart, Nathan"
Date: 20 October 2021, 01:25:35
Subject: Re: ALTER INDEX .. RENAME allows to rename tables/views as well

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

Previous

Next