Thank you for your reply.
looking to create users(LOGIN) only and Grant all the privileges through roles like below.
Steps:
Create User
Create role
GRANT required privileges/default attributes(SUPERUSER,REPLICATION etc) to Role
GRANT role to Users.
So,If I follow above process I am not able to do pg_basebackup.
Now I have only options left either I have to use postgres user or create a user directly with replication role(Which we are not interested in).
In future is there possibility to allow a user(using above steps) to do pg_basebackup?.
Thanks,
Chiru
On Sun, Apr 23, 2017 at 12:10 AM, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:
On 04/22/2017 08:04 PM, chiru r wrote:
Use case: Want to control database privileges/default roles by creating
roles instead of granting directly to users.
So that we can manage database access control easily.
Which you can do. However, pg_basebackup is a cluster wide command not tied a particular database, so database privileges do not apply. You can still manage it by restricting the roles able to connect to 'replication' in pg_hba.conf and creating roles that match that have only the replication attribute. It is why the replication attribute was added to role creation.
Thanks,
Chiru
On Sat, Apr 22, 2017 at 10:03 PM, David G. Johnston
<david.g.johnston@xxxxxxxxx <mailto:david.g.johnston@gmail.com >> wrote:
On Saturday, April 22, 2017, chiru r <chirupg@xxxxxxxxx
<mailto:chirupg@xxxxxxxxx>> wrote:
Thank you Adrian.
It seems the code is allowing only who has Superuser/Replication
role directly.
Is there any possibility in future releases they allow both case
A & B Users able to use pg_basebackup.
It does not seem wise to introduce inheritance of such
powerful capabilities when for many years now we have not done so.
It seems like reality could be better documented but the present
behavior should stay. I also find the original choice to be quite
sane regardless.
David J.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
