On Mon, Jan 3, 2011 at 6:00 AM, Magnus Hagander <mag...@hagander.net> wrote: > On Fri, Dec 31, 2010 at 15:38, Magnus Hagander <mag...@hagander.net> wrote: >> On Thu, Dec 30, 2010 at 15:54, Peter Eisentraut <pete...@gmx.net> wrote: >>> On ons, 2010-12-29 at 11:09 +0100, Magnus Hagander wrote: >>>> I've applied this version (with some minor typo-fixes). >>> >>> This page is now somewhat invalidated: >>> >>> http://developer.postgresql.org/pgdocs/postgres/role-attributes.html >> >> Hmm. Somehow I missed that page completely when looking through the >> docs. I'll go update that. > > BTW, shouldn't CONNECTION LIMIT be listed on that page? and INHERIT? > And VALID UNTIL? They're all role attributes, no?
+1. >>> First, it doesn't mention the replication privilege, and second it >>> continues to claim that superuser status bypasses all permission checks. >> >> Well, that was *already* wrong. >> >> superuser doesn't bypass NOLOGIN. >> >> That doesn't mean it shouldn't be fixed, but that's independent of the >> replication role. > > I've committed a fix for this. I still think this is the wrong approach. Saying superuser doesn't bypass nologin is like saying that it doesn't bypass the need to enter the correct password to authenticate to it. You have to BE the superuser before you start bypassing permissions checks, and NOLOGIN and a possible password prompts control WHO CAN BECOME superuser. On the other hand, the REPLICATION privilege is denying you the right to perform an operation *even though you already are authenticated as a superuser*. I don't think there's anywhere else in the system where we allow a privilege to non-super-users but deny that same privilege to super-users, and I don't think we should be starting now. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
