Robert Haas <> wrote:

> I think it would help, on all accounts, to explain why in the world
> we're spending time on this in the first place.  I have a sneaking
> suspicion this is 1 of N things we need to do to meet some US
> government security standard, and if something like that is the case,
> that could tip the balance toward doing it, or toward a particular
> implementation of the concept.

Stephen my correct me on this, but I seem to remember him saying
that this was part of a general effort to avoid needing to use a
superuser login for routine tasks that don't fit into the area of
what a sysadmin would do.  That seems like a laudable goal to me.
Of course, most or all of what this particular feature would allow
can be done using superuser-owned SECURITY DEFINER functions, but
that is sure a lot clumsier and error-prone than being able to say
that role x can read from directory data/input and role y can write
to directory data/output.

That said, Stephen does seem to have some additional specific use
cases in mind which he hasn't shared with the list; knowing what
problems we're talking about solving would sure help make
discussions about the possible solutions more productive.  :-)

Kevin Grittner
The Enterprise PostgreSQL Company

Sent via pgsql-hackers mailing list (
To make changes to your subscription:

Reply via email to