Re: Orphaned users in PG16 and above can only be managed by Superusers

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Tomas Vondra <tomas@vondra.me>, Ashutosh Sharma <ashu.coek88@gmail.com>, Robert Haas <robertmhaas@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-01-24T16:01:42Z
Lists: pgsql-hackers
On Thu, Jan 23, 2025 at 03:10:16PM -0500, Tom Lane wrote:
> That line of reasoning leads to the same conclusion, that another
> built-in role might be a suitable solution --- unless said role is
> so powerful that the service providers might want to block access
> to it too.  Probably limiting it to manage non-superuser roles is
> good enough for that, but I'm not quite sure.

IMHO it's reasonable to expect service providers to adjust the predefined
roles if the stock limitations are not sufficient for them.

-- 
nathan