On 1/29/17 4:44 PM, Stephen Frost wrote:
* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote:
On 1/26/17 1:25 PM, Simon Riggs wrote:
That should include the ability to dump all objects, yet without any
security details. And it should allow someone to setup logical
replication easily, including both trigger based and new logical
replication. And GRANT ON ALL should work.
This basically sounds like a GRANT $privilege ON ALL $objecttype TO
$user. So you could have a user that can read everything, for example.
This kind of thing has been asked for many times, but that quieted down
when the default privileges feature appeared. I think it would still be
useful.
Agreed. I would think we'd either do this with a default role or a role
attribute.
Someone was asking for that on Slack the other day, because their
customer wanted it. Default privs would not fit the bill: they wanted to
grant specific roles the ability to read everything in the database (or
maybe cluster; I don't think the conversation got into that level of
detail).
--
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
855-TREBLE2 (855-873-2532)
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
