Re: [GENERAL] pg_basebackup issue
| От | Adrian Klaver |
|---|---|
| Тема | Re: [GENERAL] pg_basebackup issue |
| Дата | |
| Msg-id | 9308725f-2646-9554-d007-b0d642dec4b0@aklaver.com обсуждение исходный текст |
| Ответ на | Re: [GENERAL] pg_basebackup issue (chiru r <chirupg@gmail.com>) |
| Ответы |
Re: [GENERAL] pg_basebackup issue
|
| Список | pgsql-general |
On 04/22/2017 08:04 PM, chiru r wrote: > Use case: Want to control database privileges/default roles by creating > roles instead of granting directly to users. > So that we can manage database access control easily. Which you can do. However, pg_basebackup is a cluster wide command not tied a particular database, so database privileges do not apply. You can still manage it by restricting the roles able to connect to 'replication' in pg_hba.conf and creating roles that match that have only the replication attribute. It is why the replication attribute was added to role creation. > > Thanks, > Chiru > > On Sat, Apr 22, 2017 at 10:03 PM, David G. Johnston > <david.g.johnston@gmail.com <mailto:david.g.johnston@gmail.com>> wrote: > > On Saturday, April 22, 2017, chiru r <chirupg@gmail.com > <mailto:chirupg@gmail.com>> wrote: > > Thank you Adrian. > > It seems the code is allowing only who has Superuser/Replication > role directly. > > Is there any possibility in future releases they allow both case > A & B Users able to use pg_basebackup. > > > It does not seem wise to introduce inheritance of such > powerful capabilities when for many years now we have not done so. > It seems like reality could be better documented but the present > behavior should stay. I also find the original choice to be quite > sane regardless. > > David J. > > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: