Andrew Dunstan wrote: > > > On 04/07/2011 11:01 AM, Tom Lane wrote: > > Andrew Dunstan<and...@dunslane.net> writes: > >> I thought about that. What I'd like to know is how many people actually > >> want and use and expect the current behaviour. If it's more than a > >> handful (which I seriously doubt) then that's probably the way to go. > >> Otherwise it seems more trouble than it's worth. > > Well, the point here is that "is_member_of" is currently considered > > to be a kind of privilege test, and of course superusers should > > automatically pass every privilege test. If you want it to not act > > that way in some circumstances, we need a fairly clear theory as to > > which circumstances it should act which way in. > > > > > > Personally, other things being equal I would expect things to operate > similarly to Unix groups, where root can do just about anything but is > only actually a member of a small number of groups: > > [root@emma ~]# groups > root bin daemon sys adm disk wheel > > I bet most DBAs and SAs would expect the same. > > The HBA file is the most obvious context in which this actually matters, > and off hand I can't think of another.
Is this a TODO? -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
