Re: Granting control of SUSET gucs to non-superusers
| From | Isaac Morland |
|---|---|
| Subject | Re: Granting control of SUSET gucs to non-superusers |
| Date | |
| Msg-id | CAMsGm5eDn7uBcit=aBvOSmUvPxrdpp1GZZyPVjL+9fUiYm_f8A@mail.gmail.com |
| In reply to | Re: Granting control of SUSET gucs to non-superusers (Mark Dilger <mark.dilger@enterprisedb.com>) |
| List | pgsql-hackers |
On Fri, 30 Apr 2021 at 22:00, Mark Dilger <mark.dilger@enterprisedb.com> wrote:
> Viewing all of this in terms of which controls allow the tenant to escape a hypothetical sandbox seems like the wrong approach. Shouldn't we let service providers decide which controls would allow the tenant to escape the specific sandbox the provider has designed?
I’m not even sure I should be mentioning this possibility, but what if we made each GUC parameter a grantable privilege? I’m honestly not sure if this is insane or not. I mean numerically it’s a lot of privileges, but conceptually it’s relatively simple.
What I like the least about it is actually the idea of giving up entirely on the notion of grouping privileges into reasonable packages: some of these privileges would be quite safe to grant in many or even most circumstances, while others would usually not be reasonable to grant.