Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
| От | Noah Misch |
|---|---|
| Тема | Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) |
| Дата | |
| Msg-id | 20210528060618.GC3936145@rfd.leadboat.com обсуждение исходный текст |
| Ответ на | Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) (Mark Dilger <mark.dilger@enterprisedb.com>) |
| Ответы |
Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) |
| Список | pgsql-hackers |
On Tue, May 25, 2021 at 01:33:54PM -0700, Mark Dilger wrote: > v3-0001 adds a new pg_logical_replication role with permission to manage publications and subscriptions. > v3-0004 adds a new pg_database_security role with permission to perform many > actions that would otherwise require superuser, so long as those actions do > not compromise the security of the host or network. This role, along with > pg_logical_replication, is intended to be safe to delegate to the tenant of > a database provided as a service. pg_logical_replication would not be safe to delegate that way: https://postgr.es/m/flat/CACqFVBbx6PDq%2B%3DvHM0n78kHzn8tvOM-kGO_2q_q0zNAMT%2BTzdA%40mail.gmail.com
В списке pgsql-hackers по дате отправления: