Re: superusers are members of all roles?
Andrew Dunstan <andrew@dunslane.net>
From: Andrew Dunstan <andrew@dunslane.net>
To: Stephen Frost <sfrost@snowman.net>
Cc: Bruce Momjian <bruce@momjian.us>, Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers@postgresql.org
Date: 2011-09-12T03:29:59Z
Lists: pgsql-hackers
On 09/11/2011 10:32 PM, Stephen Frost wrote: > * Andrew Dunstan (andrew@dunslane.net) wrote: >>> Address problem where superusers are assumed to be members of all groups >>> >>> http://archives.postgresql.org/pgsql-hackers/2011-04/msg00337.php >> This turns out to be a one-liner. > I really don't know that I agree with removing this, to be honest.. I > haven't got time at the moment to really discuss it, but at the very > least, not being able to 'set role' to any user when postgres would be > REALLY annoying.. > > It's NOT changing that. All this affects is how +groupname is treated in pg_hba.conf, i.e. do we treat every superuser there as being a member of every group. cheers andrew