* David G. Johnston (david.g.johns...@gmail.com) wrote:
> From what I've read here I'm thinking Stephen has the right idea.

Thanks.  Additionally, your comments make me realize an existing issue,
which is superuser-only but I'll address shortly anyway (we have far too
many users running around as superuser)- SET SESSION AUTHORIZATION.

> Let's be conservative in what we allow with these new roles and let
> experience guide us as to whether we need to open things up more - or just
> fix oversights.


I would further point out that allowing users to SET ROLE to a system
role means they can "give away" objects to that role, which is quite
unlikely what an administrator intended to allow.

Consider the 'pg_signal_backend' role, in particular.  You may wish to
give that to your test users, who are running crazy tests and who need
to be able to cancel crazy backend queries that get kicked off due to
their crazy testing.  Those users shouldn't be allowed to give away
objects they create to a system role, yet that's difficult to prevent,
if we allow users to SET ROLE to system roles.  I don't think that most
admins would really want users to be able to SET ROLE to the system
users they've been granted.
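
An audit for the situation described above, added here as an example and not part of the original message: the first query lists relations and functions owned by a role with the reserved `pg_` prefix, and the second lists which roles have been granted membership in such roles. It assumes a PostgreSQL release in which these roles carry the `pg_` prefix, as `pg_signal_backend` does.

```sql
-- Added example (not from the original thread).
-- Assumption: system roles are the ones whose names start with the
-- reserved "pg_" prefix, such as pg_signal_backend.

-- 1. Objects whose ownership has ended up with a pg_* role.
--    Catalog objects created at initdb time belong to the bootstrap
--    superuser, so any row returned here was assigned afterwards.
SELECT 'relation'  AS object_type,
       n.nspname   AS schema_name,
       c.relname   AS object_name,
       r.rolname   AS owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_roles r     ON r.oid = c.relowner
WHERE r.rolname LIKE 'pg\_%'
UNION ALL
SELECT 'function',
       n.nspname,
       p.proname,
       r.rolname
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles r     ON r.oid = p.proowner
WHERE r.rolname LIKE 'pg\_%'
ORDER BY owner, schema_name, object_name;

-- 2. Who holds membership in a pg_* role, and whether they can
--    grant that membership onward (admin_option).
SELECT g.rolname       AS system_role,
       m.rolname       AS member,
       am.admin_option
FROM pg_auth_members am
JOIN pg_roles g ON g.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
WHERE g.rolname LIKE 'pg\_%'
ORDER BY system_role, member;
```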


