On Thu, Jan 26, 2017 at 10:36 PM, Stephen Frost <sfr...@snowman.net> wrote:
>
> Perhaps unsurprisingly, but you've still not convinced me, so I don't
> agree with this change.
>
>> Currently, I count three votes in favor of this approach and one
>> opposed. If anyone else wants to weigh in, please do. It would be
>> helpful if anyone weighing in can be clear about whether (a) they are
>> in favor of the patch as proposed, or (b) they are not in favor of the
>> patch as proposed but could support a narrower patch that removed the
>> checks only from functions with no known escalate-to-superuser risks,
>> or (c) they oppose all change. It would also be helpful if the
>> reasons why each person takes the position that they do could be
>> mentioned.
>
> I agree that it'd be nice if others would weigh in on this.

As a general point I'm entirely in favour of removing any superuser checks and replacing them either with standard GRANT ACL config, or where appropriate, some other type of permission that we can grant to roles as needed.

Probably the most common complaint I get from users regarding the management & monitoring tools I work on is that they have to use superuser accounts to get the full benefits, unlike other DBMSs where you can create a role with just the required privileges (or indeed, other DBMSs that ship with such roles pre-defined for convenience).

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake

EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company