Re: Orphaned users in PG16 and above can only be managed by Superusers
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Tomas Vondra <tomas@vondra.me>, Ashutosh Sharma <ashu.coek88@gmail.com>, Robert Haas <robertmhaas@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-01-24T16:01:42Z
Lists: pgsql-hackers
On Thu, Jan 23, 2025 at 03:10:16PM -0500, Tom Lane wrote: > That line of reasoning leads to the same conclusion, that another > built-in role might be a suitable solution --- unless said role is > so powerful that the service providers might want to block access > to it too. Probably limiting it to manage non-superuser roles is > good enough for that, but I'm not quite sure. IMHO it's reasonable to expect service providers to adjust the predefined roles if the stock limitations are not sufficient for them. -- nathan