Re: [HACKERS] Superowners

2017-02-03 Thread Robert Haas
On Mon, Jan 30, 2017 at 5:33 AM, Simon Riggs wrote: > I would call these "super privileges". > > Peter suggests that we have a much more flexible structure for > super-privileges. > > In Peter's model, Tom's suggestion woud be to grant all of these > automatically to

Re: [HACKERS] Superowners

2017-02-02 Thread Simon Riggs
On 30 January 2017 at 16:34, Peter Eisentraut wrote: > On 1/30/17 9:04 AM, Simon Riggs wrote: >> all I want in this release is >> super-ownership. > > What exactly is super-ownership, and what problems does it solve? The problem is that there is no easy way for

Re: [HACKERS] Superowners

2017-02-02 Thread Simon Riggs
On 30 January 2017 at 16:43, Tom Lane wrote: > Simon Riggs writes: >> Agreed. Let me reiterate: all I want in this release is >> super-ownership. > > While I'm not entirely convinced whether super-ownership is a good idea > or not, I am pretty sure that

Re: [HACKERS] Superowners

2017-01-30 Thread Tom Lane
Simon Riggs writes: > Agreed. Let me reiterate: all I want in this release is > super-ownership. While I'm not entirely convinced whether super-ownership is a good idea or not, I am pretty sure that rushing to get it into v10 is a bad idea. This is a rather fundamental

Re: [HACKERS] Superowners

2017-01-30 Thread Peter Eisentraut
On 1/30/17 9:04 AM, Simon Riggs wrote: > all I want in this release is > super-ownership. What exactly is super-ownership, and what problems does it solve? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services --

Re: [HACKERS] Superowners

2017-01-30 Thread Stephen Frost
Simon, * Simon Riggs (si...@2ndquadrant.com) wrote: > On 30 January 2017 at 14:43, Stephen Frost wrote: > > > We need to make sure that we're actually talking about the same things > > here, because we've now shifted from ownership-like privileges to those > > privielges

Re: [HACKERS] Superowners

2017-01-30 Thread Peter Eisentraut
On 1/29/17 7:44 PM, Stephen Frost wrote: > I would think we'd either do this with a default role or a role > attribute. That's not how I think about it. I think this would be a separate aclitem[] stored somewhere. The pg_xxx_aclcheck() functions could consult that implicitly. -- Peter

Re: [HACKERS] Superowners

2017-01-30 Thread David Fetter
On Fri, Jan 27, 2017 at 05:48:46PM -0500, Peter Eisentraut wrote: > On 1/26/17 1:25 PM, Simon Riggs wrote: > > That should include the ability to dump all objects, yet without > > any security details. And it should allow someone to setup logical > > replication easily, including both trigger

Re: [HACKERS] Superowners

2017-01-30 Thread Simon Riggs
On 30 January 2017 at 14:43, Stephen Frost wrote: > We need to make sure that we're actually talking about the same things > here, because we've now shifted from ownership-like privileges to those > privielges which can be GRANT'd, and the two are far from the same. Agreed.

Re: [HACKERS] Superowners

2017-01-30 Thread Stephen Frost
Simon, * Simon Riggs (si...@2ndquadrant.com) wrote: > On 27 January 2017 at 22:48, Peter Eisentraut > wrote: > > On 1/26/17 1:25 PM, Simon Riggs wrote: > >> That should include the ability to dump all objects, yet without any > >> security details. And it should

Re: [HACKERS] Superowners

2017-01-30 Thread Simon Riggs
On 27 January 2017 at 22:48, Peter Eisentraut wrote: > On 1/26/17 1:25 PM, Simon Riggs wrote: >> That should include the ability to dump all objects, yet without any >> security details. And it should allow someone to setup logical >> replication easily,

Re: [HACKERS] Superowners

2017-01-29 Thread Stephen Frost
Jim, * Jim Nasby (jim.na...@bluetreble.com) wrote: > On 1/29/17 4:44 PM, Stephen Frost wrote: > >* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > >>On 1/26/17 1:25 PM, Simon Riggs wrote: > >>>That should include the ability to dump all objects, yet without any > >>>security details.

Re: [HACKERS] Superowners

2017-01-29 Thread Jim Nasby
On 1/29/17 4:44 PM, Stephen Frost wrote: * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: On 1/26/17 1:25 PM, Simon Riggs wrote: That should include the ability to dump all objects, yet without any security details. And it should allow someone to setup logical replication easily,

Re: [HACKERS] Superowners

2017-01-29 Thread Stephen Frost
* Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > On 1/26/17 1:25 PM, Simon Riggs wrote: > > That should include the ability to dump all objects, yet without any > > security details. And it should allow someone to setup logical > > replication easily, including both trigger based and

Re: [HACKERS] Superowners

2017-01-27 Thread Peter Eisentraut
On 1/26/17 1:25 PM, Simon Riggs wrote: > That should include the ability to dump all objects, yet without any > security details. And it should allow someone to setup logical > replication easily, including both trigger based and new logical > replication. And GRANT ON ALL should work. This

Re: [HACKERS] Superowners

2017-01-26 Thread Simon Riggs
On 26 January 2017 at 17:37, Peter Eisentraut wrote: > On 1/24/17 8:19 AM, Tom Lane wrote: >> What about just saying that the database owner has those privileges? >> After all, the ultimate privilege of an owner is to drop the object >> (and then remake it as she

Re: [HACKERS] Superowners

2017-01-26 Thread David G. Johnston
On Thursday, January 26, 2017, Michael Banck wrote: > On Thu, Jan 26, 2017 at 12:37:44PM -0500, Peter Eisentraut wrote: > > On 1/24/17 8:19 AM, Tom Lane wrote: > > > What about just saying that the database owner has those privileges? > > > After all, the ultimate

Re: [HACKERS] Superowners

2017-01-26 Thread Michael Banck
On Thu, Jan 26, 2017 at 12:37:44PM -0500, Peter Eisentraut wrote: > On 1/24/17 8:19 AM, Tom Lane wrote: > > What about just saying that the database owner has those privileges? > > After all, the ultimate privilege of an owner is to drop the object > > (and then remake it as she pleases), and the

Re: [HACKERS] Superowners

2017-01-26 Thread Peter Eisentraut
On 1/24/17 8:19 AM, Tom Lane wrote: > What about just saying that the database owner has those privileges? > After all, the ultimate privilege of an owner is to drop the object > (and then remake it as she pleases), and the DB owner has that option > w.r.t. the whole database. So I'm not sure we

Re: [HACKERS] Superowners

2017-01-24 Thread Stephen Frost
Simon, * Simon Riggs (si...@2ndquadrant.com) wrote: > So I was thinking about various annoying admin/security issues > recently, so I came up with this: a new type of user called a > “superowner”. It’s somewhere between a superuser and a normal user. I like the general idea, but I'm not really

Re: [HACKERS] Superowners

2017-01-24 Thread Simon Riggs
On 24 January 2017 at 13:19, Tom Lane wrote: > Simon Riggs writes: >> So I was thinking about various annoying admin/security issues >> recently, so I came up with this: a new type of user called a >> “superowner”. It’s somewhere between a superuser

Re: [HACKERS] Superowners

2017-01-24 Thread Tom Lane
Simon Riggs writes: > So I was thinking about various annoying admin/security issues > recently, so I came up with this: a new type of user called a > “superowner”. It’s somewhere between a superuser and a normal user. > Superowner would own all objects defined by users,

[HACKERS] Superowners

2017-01-24 Thread Simon Riggs
So I was thinking about various annoying admin/security issues recently, so I came up with this: a new type of user called a “superowner”. It’s somewhere between a superuser and a normal user. Superowner would own all objects defined by users, so it would do useful things in contexts where