PostgreSQL TDE - question on using encryption

Odd pg_tde question: Using the Ubuntu 16.0.1.pgdg.04+11 software and the pgted-pgdg16.deb package, I can load the extension as user postgres but not as a superuser-enabled user. The ‘superuser’ user cannot see the extension after it has been loaded by postgres. Is this to be expected? Is there any way to make the extension available for all users? Thanks!

There have been recent changes made in ROLE privileges that may have an effect on this matter.

  • Role inheritance now controls the default inheritance status of member roles added during GRANT (Robert Haas)
  • The role’s default inheritance behavior can be overridden with the new GRANT ... WITH INHERIT clause. This allows inheritance of some roles and not others because the members’ inheritance status is set at GRANT time. Previously the inheritance status of member roles was controlled only by the role’s inheritance status, and changes to a role’s inheritance status affected all previous and future member roles.
  • Restrict the privileges of CREATEROLE and its ability to modify other roles (Robert Haas)
  • Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION permission. For example, they can now change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions.
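
The per-membership inheritance described in the release notes quoted above, as an added example that is not part of the original thread. It assumes PostgreSQL 16 or later and a superuser session; the role names `app_owner`, `alice` and `bob` are constructed for illustration, and everything runs inside a transaction that is rolled back.

```sql
BEGIN;

-- Constructed roles (assumptions, not from the thread).
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE alice LOGIN INHERIT;
CREATE ROLE bob   LOGIN INHERIT;

-- alice's membership inherits app_owner's privileges automatically.
GRANT app_owner TO alice WITH INHERIT TRUE;

-- bob has the same role-level INHERIT attribute, but this membership
-- does not inherit: bob must SET ROLE app_owner to use its privileges.
GRANT app_owner TO bob WITH INHERIT FALSE, SET TRUE;

-- Audit view: the options stored per membership at GRANT time.
SELECT r.rolname AS granted_role,
       m.rolname AS member,
       g.rolname AS grantor,
       am.inherit_option,
       am.set_option,
       am.admin_option
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
JOIN pg_roles g ON g.oid = am.grantor
WHERE r.rolname = 'app_owner'
ORDER BY m.rolname;

-- 'USAGE' asks whether privileges are available without SET ROLE;
-- 'SET' asks whether SET ROLE is permitted.
SELECT pg_has_role('alice', 'app_owner', 'USAGE') AS alice_inherits,
       pg_has_role('bob',   'app_owner', 'USAGE') AS bob_inherits,
       pg_has_role('bob',   'app_owner', 'SET')   AS bob_can_set_role;

-- Changing the role-level attribute afterwards only sets the default for
-- future GRANTs; alice's existing membership keeps inherit_option = true.
ALTER ROLE alice NOINHERIT;

SELECT m.rolname AS member, am.inherit_option
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
WHERE r.rolname = 'app_owner'
ORDER BY m.rolname;

ROLLBACK;
```

The first audit query is useful on its own against a real cluster (drop the `WHERE` clause) to see which memberships carry `admin_option` or inherit privileges implicitly.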

I now have it working. Thanks!
