Home > mailing lists

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

From	Mark Dilger
Subject	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date	July 26, 2021 23:25:29
Msg-id	6E892218-B431-4BAE-9E2D-8DF3741A58EA@enterprisedb.com Whole thread Raw
In response to	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

> On Jul 26, 2021, at 1:12 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>
> Alice should not be permitted to preventing Bob
> from doing something which Bob is allowed to do and Alice is not
> allowed to do.

That sounds intuitively reasonable, though it depends on what "which Bob is allowed to do" means.  For instance, if
Aliceis only allowed to enable or disable connections to the database, and she disables them, then she has prevented
Bobfrom, for example, creating tables, something which Bob is otherwise allowed to do, because without the ability to
connect,he cannot create tables. 

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Tom Lane
Date: 26 July 2021, 23:24:46
Subject: Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)

From: Tom Lane
Date: 26 July 2021, 23:27:05
Subject: Re: Removing "long int"-related limit on hash table sizes

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

Previous

Next