Re: Proposal: access control jails (and introduction as aspiring GSoC student) - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Proposal: access control jails (and introduction as aspiring GSoC student)
Date
Msg-id 603c8f071003231042y3da3536ufcf0c7c691489a55@mail.gmail.com
Whole thread Raw
In response to Re: Proposal: access control jails (and introduction as aspiring GSoC student)  (Josh Berkus <josh@agliodbs.com>)
Responses Re: Proposal: access control jails (and introduction as aspiring GSoC student)
List pgsql-hackers
On Tue, Mar 23, 2010 at 1:28 PM, Josh Berkus <josh@agliodbs.com> wrote:
> I don't think that the idea of turning on the jail mode via a
> session-level switch works, given the realities of connection pooling.
> Also, I do not believe that we currently have any USERSET variable which
> can be turned on but not off, so that would require adding a whole new mode.

I think this could be done with an assign hook.

> BTW, if you wanted something less ambitious, we have a longstanding
> request to implement "local superuser", that is, the ability to give one
> role the ability to edit other roles in one database only.

But roles aren't database-specific...  they're globals.

...Robert


pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: 9.0 release notes done
Next
From: Gokulakannan Somasundaram
Date:
Subject: Re: Deadlock possibility in _bt_check_unique?