On Sun, May 21, 2023 at 3:05 PM Jonathan S. Katz <jk...@postgresql.org> wrote: > * Support for regular expressions for matching usernames and databases > names in `pg_hba.conf`, and user names in `pg_ident.conf`
I suggest that this is not a major feature. Perhaps the work that I did to improve CREATEROLE could be considered for inclusion in the major features list. In previous releases, someone with CREATEROLE can hack the PG OS account. Now they can't. In previous releases, someone with CREATEROLE can manage all non-superuser roles, but now they can manage the roles they create (or ones they are given explicit authority to manage). You can even control whether or not such users automatically inherit the privileges of roles they create, as superusers inherit all privileges. There is certainly some argument that this is not a sufficiently significant set of changes to justify a major feature mention, and even if it is, it's not clear to me exactly how it would be best worded. And yet I feel like it's very likely that if we look back on this release in 3 years, those changes will have had a significant impact on many PostgreSQL deployments, above all in the cloud, whereas I think it likely that the ability to have regular expressions in pg_hba.conf and pg_ident.conf will have had very little effect by comparison. Of course, there is always a possibility that I'm over-estimating the impact of my own work. -- Robert Haas EDB: http://www.enterprisedb.com
