Search Postgresql Archives

RE: PG13 Trusted Extension usability issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tom Lane <tgl@xxxxxxxxxxxxx> wrote on 2020/06/26 02:47:25 PM:

> From: Tom Lane <tgl@xxxxxxxxxxxxx>

> To: "Brad Nicholson" <bradn@xxxxxxxxxx>
> Cc: pgsql-general@xxxxxxxxxxxxxxxxxxxx
> Date: 2020/06/26 02:51 PM
> Subject: [EXTERNAL] Re: PG13 Trusted Extension usability issue
>
> "Brad Nicholson" <bradn@xxxxxxxxxx> writes:
> > First, as a long time user of the pgextwlist extension, I'm happy to see
> > this functionality appearing in core.  However, as a long term user of that
> > extension, I can say that ability to create an extension as a non-super
> > user is pretty limited in itself in a lot of cases.  Many extensions both
> > in contrib and external ones (like PostGIS for example) don't give
> > appropriate permissions to actually use the extension.
>
> > Taking postgresql_fdw as an example.
>
> I'm confused about your point here.  postgresql_fdw has intentionally
> *not* been marked trusted.  That's partly because it doesn't seem like
> outside-the-database access is something we want to allow by default,
> but it's also the case that there are inside-the-database permissions
> issues.


Ah - I misread the docs.  Specifically I read this:

"For many extensions this means superuser privileges are needed. However, if the extension is marked trusted in its control file, then it can be installed by any user who has CREATE privilege on the current database"

To mean that you could mark any extension as trusted in the control file to allow non-superuser installation.

Thanks,
Brad


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux