Re: Proposal: access control jails (and introduction as aspiring GSoC student)
| От | Tom Lane |
|---|---|
| Тема | Re: Proposal: access control jails (and introduction as aspiring GSoC student) |
| Дата | |
| Msg-id | 4567.1269370729@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Proposal: access control jails (and introduction as aspiring GSoC student) (Alvaro Herrera <alvherre@commandprompt.com>) |
| Ответы |
Re: Proposal: access control jails (and introduction as
aspiring GSoC student)
|
| Список | pgsql-hackers |
Alvaro Herrera <alvherre@commandprompt.com> writes:
> Robert Haas escribi�:
>> On Tue, Mar 23, 2010 at 1:28 PM, Josh Berkus <josh@agliodbs.com> wrote:
>>> BTW, if you wanted something less ambitious, we have a longstanding
>>> request to implement "local superuser", that is, the ability to give one
>>> role the ability to edit other roles in one database only.
>>
>> But roles aren't database-specific... they're globals.
> Well, that's another longstanding request ;-) (See the
> db_user_namespace hack)
Yeah, you'd have to fix that first. The "ambitious" part of that is
coming up with a spec that everybody will accept. Once you had that,
coding it might not be very hard ...
BTW, "local superuser" is an oxymoron. If you're superuser you'd have
no trouble whatsoever breaking into other databases. "Local CREATEROLE"
privilege could be a sane concept, though, if we had local roles.
regards, tom lane
В списке pgsql-hackers по дате отправления: