Re: [HACKERS] Superowners
From | Robert Haas |
---|---|
Subject | Re: [HACKERS] Superowners |
Date | |
Msg-id | CA+TgmoYW=NgO7FQ=pSGY9rNjkRdiwJ0m=g9vYCF2N7U-dE8=HQ@mail.gmail.com |
In reply to | Re: [HACKERS] Superowners (Simon Riggs <simon@2ndquadrant.com>) |
List | pgsql-hackers |

On Mon, Jan 30, 2017 at 5:33 AM, Simon Riggs <simon@2ndquadrant.com> wrote:
> I would call these "super privileges".
>
> Peter suggests that we have a much more flexible structure for super-privileges.
>
> In Peter's model, Tom's suggestion would be to grant all of these
> automatically to database owners.
> GRANT ALL ON ALL TABLES TO $user
> GRANT ALL ON ALL SEQUENCES TO $user
> GRANT ALL ON ALL FUNCTIONS TO $user
>
> Either of them would be good for me, as long as we implement the rule
> as Tom suggests that this would never apply to objects owned by a
> superuser.

I like Peter's model better, or more precisely Stephen's suggestion of doing this via some default roles. Tom's model breaks backward compatibility in a security-sensitive way, and it doesn't generalize to things like wanting a user who can read everything but who has no elevated write privileges. The idea of having predefined roles called pg_read_anything, pg_write_anything, etc. seems quite elegant and very powerful, and nobody's existing permissions structure has to change unless they so desire.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company