Re: Streaming replication as a separate permissions - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Streaming replication as a separate permissions
Date
Msg-id AANLkTikE6AzSntA-DNoVb59Wrh4Ny_pCLKsFeWma77=v@mail.gmail.com
Whole thread Raw
In response to Re: Streaming replication as a separate permissions  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Streaming replication as a separate permissions
List pgsql-hackers
On Fri, Dec 31, 2010 at 15:38, Magnus Hagander <magnus@hagander.net> wrote:
> On Thu, Dec 30, 2010 at 15:54, Peter Eisentraut <peter_e@gmx.net> wrote:
>> On ons, 2010-12-29 at 11:09 +0100, Magnus Hagander wrote:
>>> I've applied this version (with some minor typo-fixes).
>>
>> This page is now somewhat invalidated:
>>
>> http://developer.postgresql.org/pgdocs/postgres/role-attributes.html
>
> Hmm. Somehow I missed that page completely when looking through the
> docs. I'll go update that.

BTW, shouldn't CONNECTION LIMIT be listed on that page? and INHERIT?
And VALID UNTIL? They're all role attributes, no? At least the last
two certainly interact with the authentication system...


>> First, it doesn't mention the replication privilege, and second it
>> continues to claim that superuser status bypasses all permission checks.
>
> Well, that was *already* wrong.
>
> superuser doesn't bypass NOLOGIN.
>
> That doesn't mean it shouldn't be fixed, but that's independent of the
> replication role.

I've committed a fix for this.

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/


pgsql-hackers by date:

Previous
From: Greg Smith
Date:
Subject: Re: Recovery conflict monitoring
Next
From: Simon Riggs
Date:
Subject: Re: Sync Rep Design