* David G. Johnston (david.g.johns...@gmail.com) wrote: > From what I've read here I'm thinking Stephen has the right idea.
Thanks. Additionally, your comments make me realize an existing issue, which is superuser-only but I'll address shortly anyway (we have far too many users running around as superuser)- SET SESSION AUTHORIZATION. > Lets be conservative in what we allow with these new roles and let > experience guide us as to whether we need to open things up more - or just > fix oversights. Agreed. I would further point out that allowing users to SET ROLE to a system role means they can "give away" objects to that role, which is quite unlikely what an administrator intended to allow. Consider the 'pg_signal_backend' role, in particular. You may wish to give that to your test users, who are running crazy tests and who need to be able to cancel crazy backend queries that get kicked off due to their crazy testing. Those users shouldn't be allowed to give away objects they create to a system role, yet that's difficult to prevent, if we allow users to SET ROLE to system roles. I don't think that most admins would really want users to be able to SET ROLE to the system users they've been granted. Thanks! Stephen
signature.asc
Description: Digital signature