Re: Additional role attributes && superuser review
| От | Stephen Frost |
|---|---|
| Тема | Re: Additional role attributes && superuser review |
| Дата | |
| Msg-id | 20160118021305.GI3685@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: Additional role attributes && superuser review (Bruce Momjian <bruce@momjian.us>) |
| Список | pgsql-hackers |
* Bruce Momjian (bruce@momjian.us) wrote: > On Sun, Jan 17, 2016 at 06:58:25PM -0500, Stephen Frost wrote: > > I'm not against that idea, though I continue to feel that there are > > common sets of privileges which backup tools could leverage. > > > > The other issue that I'm running into, again, while considering how to > > move back to ACL-based permissions for these objects is that we can't > > grant out the actual permissions which currently exist. That means we > > Is that because many of them are complex, e.g. you can kill only your > own sessions? Right. > > either need to break backwards compatibility, which would be pretty > > ugly, in my view, or come up with new functions and then users will have > > to know which functions to use when. > > > > As I don't think we really want to break backwards compatibility or > > remove existing functionality, the only approach which is going to make > > sense is to add additional functions in some cases. In particular, we > > will need alternate versions of pg_terminate_backend and > > pg_cancel_backend. One thought I had was to make that > > Like these? Could we define own-user-type rights? Interesting idea but I don't really see that being general enough that we would want to burn a GRANT bit for it... Thanks! Stephen
В списке pgsql-hackers по дате отправления: