Christopher Kings-Lynne <chriskl (AT) familyhealth (DOT) com.au> writes:
That brings up the whole business of just how super is a superuser,
and does it even make sense to try to design a "not quite superuser"
protection state. I'm not convinced that the usecatupd flag is so well
thought out that we should expose it for general use without some
consideration of alternative designs.

As an example, it might make more sense to create a separate flag bit
that simply grants the ability to add and delete users (non-superusers,
presumably), with none of the other attributes of a superuser. If I
recall your original concern properly, this would be a safer facility
for what you wanted to accomplish.

Only if you make it default to NOCATALOG, which is highly debatable in
my mind, since it is non-backwards-compatible.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster

Tom Lane wrote:
I agree, this would be a more useful way to slice it up. Or maybe
someone wants to implement the SQL equivalent of "sudo".


---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
(send "unregister YourEmailAddressHere" to majordomo (AT) postgresql (DOT) org)