On Thu, 2021-05-13 at 11:42 -0700, Mark Dilger wrote: > The distinction that Theme+Security would make is that capabilities > can be categorized by the area of the system: > -- planner > -- replication > -- logging > ... > but also by the security implications of what is being done: > -- host > -- schema > -- network Since the "security" buckets are being used for both proposals -- how you would deal with overlap between them? When a GUC gives you enough host access to bleed into the schema and network domains, does it get all three attributes assigned to it, and thus require membership in all three roles?
(Thanks, by the way, for this thread -- I think a "capability system" for superuser access is a great idea.) --Jacob
