> From: Kevin Grittner <kevin.gritt...@wicourts.gov> >Glyn Astill <glynast...@yahoo.co.uk> wrote: > >> How can I specifically catch superusers? > > Create a group (nobody?) that you don't grant to any users. Only > superusers will be a member of it. >
Ah of course, simple, thanks Kevin. I can't help but feel that there should be something in the docs for 9.0 to specify this, since it is a behaviour difference from 8.4 and earlier. The docs (http://www.postgresql.org/docs/9.0/interactive/auth-pg-hba-conf.html) do say: "Recall that there is no real distinction between users and groups in PostgreSQL; a + mark really means "match any of the roles that are directly or indirectly members of this role", while a name without a + mark matches only that specific role" Maybe the docs should be embellished to also say "since a superuser is automatically considered a member of any group, it should be taken into account that names with a + mark will affect all superusers (although this was not the case prior to 9.0)" or something along those lines. Glyn -- Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
