Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?

On 11/21/22 9:40 AM, Bryn Llewellyn wrote:
>> adrian.klaver@aklaver.com wrote:

> Then there’s this (from the doc):
> 
>> It is good practice to create a role that has the CREATEDB and CREATEROLE privileges, but is not a superuser, and
thenuse this role for all routine management of databases and roles. This approach avoids the dangers of operating as a
superuserfor tasks that do not really require it.
 
> 
> 
> That, too, reads like a recommendation that intends to inform a security policy. But, I suppose, one could argue that
sayingsomething “is good practice” is very different from making a recommendation.
 
> 
> Consider this wording. It also uses “good practice”.
> 
> «
> It is good practice to limit the number of superuser roles that exist in a cluster to exactly one: the inevitable
bootstrapsuperuser. This recognizes the fact that, once the initial configuration of a cluster has been done
immediatelyafter its creation (which configuration is done while still in self-imposed single-user mode), there are
thenvery few, and infrequent, tasks that require the power of the superuser role.
 
> »
> 
> Nobody supports it!

I went back through the thread and don't anywhere when you made the 
above statement, correct me if I am wrong. In that case there was 
nothing to support or not support until now.

What people where responding to the title of the thread:

"Seeking practice recommendation: is there ever a use case to have two 
or more superusers?"

That is a different ask.


> 
> I’m puzzled why the good practice statement about a role with the CREATEDB and CREATEROLE attributes earns a place in
thedoc while nobody at all is prepared to make a practice statement about how many superusers is good. I’d like very
muchto understand the critical parts that I’m missing of the essential mental model in this general space.
 
> 
> 


-- 
Adrian Klaver
adrian.klaver@aklaver.com