Re: [HACKERS] Superowners

On 1/29/17 4:44 PM, Stephen Frost wrote:
> * Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
>> On 1/26/17 1:25 PM, Simon Riggs wrote:
>>> That should include the ability to dump all objects, yet without any
>>> security details. And it should allow someone to setup logical
>>> replication easily, including both trigger based and new logical
>>> replication. And GRANT ON ALL should work.
>> This basically sounds like a GRANT $privilege ON ALL $objecttype TO
>> $user.  So you could have a user that can read everything, for example.
>>
>> This kind of thing has been asked for many times, but that quieted down
>> when the default privileges feature appeared.  I think it would still be
>> useful.
> Agreed.  I would think we'd either do this with a default role or a role
> attribute.

Someone was asking for that on Slack the other day, because their 
customer wanted it. Default privs would not fit the bill: they wanted to 
grant specific roles the ability to read everything in the database (or 
maybe cluster; I don't think the conversation got into that level of 
detail).
-- 
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
855-TREBLE2 (855-873-2532)