Re: superusers are members of all roles?

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, Andrew Dunstan <andrew@dunslane.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-04-07T14:14:39Z
Lists: pgsql-hackers
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> The problem here is that if Andrew had had the opposite case (a
> positive-logic hba entry requiring membership in some group to get into
> a database), and that had locked out superusers, he'd be on the warpath
> about that too.  And with a lot more reason.

I disagree about this.  I don't feel that the 'superuser is a member of
every role' behavior is what's really crucial here, it's that a
superuser can 'set role' to any other role and can grant/revoke
role memberships, and read every table, etc.

The fact that we're doing that by making the superuser be a member of
every role feels more like an implementation detail- one which has now
bitten us because it's affecting things that it really shouldn't.  The
'+group' list should be derivable from pg_auth_members and not include
'implicit' roles.

	Thanks,

		Stephen