Home > mailing lists

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date	July 27, 2021 18:27:12
Msg-id	CA+TgmoYF6EtxXQ8Z5w=rOHesOs9sG6HHL5ikrbV3hS=KoFG7zQ@mail.gmail.com Whole thread Raw
In response to	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Isaac Morland <isaac.morland@gmail.com>)
Responses	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

On Tue, Jul 27, 2021 at 10:24 AM Isaac Morland <isaac.morland@gmail.com> wrote:
> Isn’t this backwards? If all those roles are members of "tenant" then they can do anything "tenant" can do. The
reversemight work - make "tenant" a member of all the related roles - although I haven’t thought through in detail. 

Dang it, yes. The tenant needs to be members of all the other users,
not the other way around. I spent a long time trying to not get that
backwards and still did.

--
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

From: Fujii Masao
Date: 27 July 2021, 18:20:21
Subject: Re: Fix around conn_duration in pgbench

From: Andrew Dunstan
Date: 27 July 2021, 18:29:58
Subject: Re: Reduce the number of special cases to build contrib modules on windows

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) - Mailing list pgsql-hackers

Previous

Next