Re: New default role- 'pg_read_all_data'
Georgios <gkokolatos@protonmail.com>
From: Georgios Kokolatos <gkokolatos@protonmail.com>
To: pgsql-hackers@lists.postgresql.org
Cc: Stephen Frost <sfrost@snowman.net>
Date: 2020-08-28T12:16:36Z
Lists: pgsql-hackers
Thank you for the patch. My high level review comment: The patch seems to be implementing a useful and requested feature. The patch applies cleanly and passes the basic regress tests. Also the commitfest bot is happy. A first pass at the code, has not revealed any worthwhile comments. Please allow me for a second and more thorough pass. The commitfest has hardly started after all. Also allow me a series of genuine questions: What would the behaviour be with REVOKE? In a sequence similar to: GRANT ALL ON ... REVOKE pg_read_all_data FROM ... What privileges would the user be left with? Would it be possible to end up in the same privilege only with a GRANT command? Does the above scenario even make sense? Regards,
Commits
-
docs: Add command tags for SQL commands
- 8f6c11034976 14.0 landed
- f01727290fe0 15.0 landed
-
Add pg_read_all_data and pg_write_all_data roles
- 6c3ffd697e22 14.0 landed