Search Postgresql Archives

Re: Seeking practice recommendation: is there ever a use case to have two or more superusers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Nov 20, 2022 at 6:48 PM Bryn Llewellyn <bryn@xxxxxxxxxxxx> wrote:
I haven’t seen anything in the PG doc that warns against creating additional superusers—so I suppose that this fact tells me something. Nevertheless, I remain convinced about what I’d recommend here:

The default choice must be to allow only one superuser: the inevitable bootstrap superuser.

If you are talking about your specific setup then it isn't a recommendation, it's a policy that you are defining.  Do what you've concluded is best, you are the one that will end up answering for it.

IMO, there is no good blanket recommendation to give to someone else as to how their policy should be written.  Security, especially of this sort, needs to be architected.  And when doing that evaluation, and drawing those conclusions, there is no reason to exclude, a priori, having multiple named superusers as part of the final policy.  Especially since any policy of this requires not only discussion of PostgreSQL itself but operation systems, configuration management, etc....

David J.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux