Re: Streaming replication as a separate permissions

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Magnus Hagander <magnus@hagander.net>, Peter Eisentraut <peter_e@gmx.net>, Stephen Frost <sfrost@snowman.net>, Florian Pflug <fgp@phlo.org>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2011-01-03T16:20:38Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Allow Win32 to compile under MinGW. Major changes are:

Robert Haas <robertmhaas@gmail.com> writes:
> On the other hand, the REPLICATION privilege is denying you the right to
> perform an operation *even though you already are authenticated as a
> superuser*.  I don't think there's anywhere else in the system where
> we allow a privilege to non-super-users but deny that same privilege
> to super-users, and I don't think we should be starting now.

You might want to reflect on rolcatupdate a bit before asserting that
there are no cases where privileges are ever denied to superusers.

However, that precedent would suggest that the default should be to
grant the replication bit to superusers.

			regards, tom lane