Home > mailing lists

Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER
Date	July 21, 2022 19:46:57
Msg-id	72971.1658422017@sss.pgh.pa.us Whole thread Raw
In response to	Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses	Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER
List	pgsql-hackers

Tree view

"David G. Johnston" <david.g.johnston@gmail.com> writes:
> On Thu, Jul 21, 2022 at 9:28 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> True, but what if the idea is to have *no* superusers?  I seem
>> to recall people being interested in setups like that.

> I would expect an initdb option (once this is possible) to specify this
> desire and we just never set one up in the first place.  It seems
> impractical to remove one after it already exists.

There has to be a role that owns the built-in objects.  Robert's point
is that pretending that that role isn't high-privilege is silly.

            regards, tom lane

pgsql-hackers by date:

From: "David G. Johnston"
Date: 21 July 2022, 19:41:04
Subject: Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER

From: Robert Haas
Date: 21 July 2022, 19:47:30
Subject: Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER

Re: let's disallow ALTER ROLE bootstrap_superuser NOSUPERUSER - Mailing list pgsql-hackers

Previous

Next