I want to allow a non-superuser to alter objects owned by another user.
This should be an audited operation (logging a notice of what was done
to the postgres logs is sufficient).
This is so that I can allow trusted users to perform maintenance
operations without having to give them either superuser privilege, or
the password for the object owner account. This should allow us to
satisfy an outside auditor that no-one outside of the sysadmin group has
unrestricted (ie unaudited) superuser access.
I had hoped to implement this using set session authorization within a
security-definer plpgsql function but security-definer is inadequate for
passing on superuser status.
Does anyone have any suggestions?
My current thinking is to implement a C language function which is only
accessible to my trusted users. This would simply call
SetSessionAuthorization with the is_superuser argument set to true. Is
this a horrible idea?
Thanks.
__
Marc