On 04/22/2017 08:04 PM, chiru r wrote:
Use case: Want to control database privileges/default roles by creating roles instead of granting directly to users. So that we can manage database access control easily.
Which you can do. However, pg_basebackup is a cluster wide command not tied a particular database, so database privileges do not apply. You can still manage it by restricting the roles able to connect to 'replication' in pg_hba.conf and creating roles that match that have only the replication attribute. It is why the replication attribute was added to role creation.
Thanks, Chiru On Sat, Apr 22, 2017 at 10:03 PM, David G. Johnston <david.g.johnston@xxxxxxxxx <mailto:david.g.johnston@xxxxxxxxx>> wrote: On Saturday, April 22, 2017, chiru r <chirupg@xxxxxxxxx <mailto:chirupg@xxxxxxxxx>> wrote: Thank you Adrian. It seems the code is allowing only who has Superuser/Replication role directly. Is there any possibility in future releases they allow both case A & B Users able to use pg_basebackup. It does not seem wise to introduce inheritance of such powerful capabilities when for many years now we have not done so. It seems like reality could be better documented but the present behavior should stay. I also find the original choice to be quite sane regardless. David J.
-- Adrian Klaver adrian.klaver@xxxxxxxxxxx -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
