Re: non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok?
| От | Mark Dilger |
|---|---|
| Тема | Re: non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok? |
| Дата | |
| Msg-id | F1EFCFFF-EC9E-42D1-9C3C-3741C553CE34@enterprisedb.com обсуждение исходный текст |
| Ответ на | non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok? (Ashutosh Sharma <ashu.coek88@gmail.com>) |
| Ответы |
Re: non-superusers are allowed to drop the replication user, but are not allowed to alter or even create them, is that ok?
|
| Список | pgsql-hackers |
> On Sep 30, 2021, at 3:07 AM, Ashutosh Sharma <ashu.coek88@gmail.com> wrote: > > While working on one of the internal projects I noticed that currently in Postgres, we do not allow normal users to alterattributes of the replication user. However we do allow normal users to drop replication users or to even rename itusing the alter command. Is that behaviour ok? If yes, can someone please help me understand how and why this is okay. The definition of CREATEROLE is a bit of a mess. Part of the problem is that roles do not have owners, which makes the permissionsto drop roles work differently than for other object types. I have a patch pending [1] for the version 15 developmentcycle that fixes this and other problems. I'd appreciate feedback on the design and whether it addresses yourconcerns. [1] https://commitfest.postgresql.org/34/3223/ — Mark Dilger EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: