On Tue, Dec 17, 2019 at 5:27 AM Peter Eisentraut
<peter.eisentraut@2ndquadrant.com> wrote:
> I realize that there are a number of facilities nowadays to do enhanced
> security setups. But let's consider what 99% of users are using. If
> the database server runs as user X and you are logged in as user X, you
> should be able to manage the database server that is running as user X
> without further restrictions. Anything else would call into question
> the entire security model that postgres is built around. But also,
> there is an option to turn this off in my patch, if you really have the
> need.
I feel like this is taking a policy decision that properly belongs in
pg_hba.conf and making it into a GUC. If you're introducing a GUC
because it's not possible to configure the behavior that you want in
pg_hba.conf, then I think the solution to that is to enhance
pg_hba.conf so that it can support the behavior you want to configure.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
