Re: Add default role 'pg_access_server_files'
Thomas Munro <thomas.munro@enterprisedb.com>
From: Thomas Munro <thomas.munro@enterprisedb.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2018-01-12T01:58:12Z
Lists: pgsql-hackers
On Mon, Jan 1, 2018 at 8:19 AM, Stephen Frost <sfrost@snowman.net> wrote: > Greetings, > > This patch adds a new default role called 'pg_access_server_files' which > allows an administrator to GRANT to a non-superuser role the ability to > access server-side files through PostgreSQL (as the user the database is > running as). By itself, having this role allows a non-superuser to use > server-side COPY and to use file_fdw (if installed by a superuser and > GRANT'd USAGE on it). Hi Stephen, Not sure if you are aware of this failure? test file_fdw ... FAILED Because: ! ERROR: only superuser can change options of a file_fdw foreign table ... ! ERROR: only superuser or a member of the pg_access_server_files role can change options of a file_fdw foreign table -- Thomas Munro http://www.enterprisedb.com
Commits
-
Add default roles for file/program access
- 0fdc8495bff0 11.0 landed
-
Remove explicit superuser checks in favor of ACLs
- e79350fef291 11.0 landed
-
Support new default roles with adminpack
- 11523e860f8f 11.0 landed