Odd pg_tde question: Using the Ubuntu 16.0.1.pgdg.04+11 software and the the pgted-pgdg16.deb package, I can load the extension as user postgres but not as a superuser enabled user. The ‘superuser’ use can not see the extension after it has been loaded by postgres. Is this to be expected? Is there any way to make the extension available for all users? Thanks!
1 Like
There have been recent changes made in ROLE privileges that may have an effect on this matter.
- Role inheritance now controls the default inheritance status of member roles added during
GRANT
(Robert Haas) - The role’s default inheritance behavior can be overridden with the new
GRANT ... WITH INHERIT
clause. This allows inheritance of some roles and not others because the members’ inheritance status is set atGRANT
time. Previously the inheritance status of member roles was controlled only by the role’s inheritance status, and changes to a role’s inheritance status affected all previous and future member roles. - Restrict the privileges of
CREATEROLE
and its ability to modify other roles (Robert Haas) - Previously roles with
CREATEROLE
privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to haveADMIN OPTION
permission. For example, they can now change theCREATEDB
,REPLICATION
, andBYPASSRLS
properties only if they also have those permissions.
I now have it working. Thanks!
1 Like