I want to allow a non-superuser to alter objects owned by another user. This should be an audited operation (logging a notice of what was done to the postgres logs is sufficient). This is so that I can allow trusted users to perform maintenance operations without having to give them either superuser privilege, or the password for the object owner account. This should allow us to satisfy an outside auditor that no-one outside of the sysadmin group has unrestricted (ie unaudited) superuser access. I had hoped to implement this using set session authorization within a security-definer plpgsql function but security-definer is inadequate for passing on superuser status. Does anyone have any suggestions? My current thinking is to implement a C language function which is only accessible to my trusted users. This would simply call SetSessionAuthorization with the is_superuser argument set to true. Is this a horrible idea? Thanks. __ Marc
Attachment:
signature.asc
Description: This is a digitally signed message part
