| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Justin Pryzby <pryzby(at)telsasoft(dot)com>, Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: add \dpS to psql |
| Date: | 2022-12-09 18:40:55 |
| Message-ID: | 20221209184055.GA59417@nathanxps13 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Dec 09, 2022 at 01:36:03PM +0900, Michael Paquier wrote:
> On Thu, Dec 08, 2022 at 09:15:03AM -0800, Nathan Bossart wrote:
>> The main idea behind this work is breaking out privileges into more
>> granular pieces. If I want to create a role that only runs VACUUM on some
>> tables on the weekend, why ѕhould I have to also give it the ability to
>> ANALYZE, REFRESH, CLUSTER, and REINDEX? IMHO we should really let the user
>> decide what set of privileges makes sense for their use-case. I'm unsure
>> the grouping all these privileges together serves much purpose besides
>> preserving ACL bits.
>
> Hmm. I'd like to think that we should keep a frugal mind here. More
> bits are now available, but it does not strike me as a good idea to
> force their usage more than necessary, so grouping all these no-quite
> DDL commands into the same bag does not sound that bad to me.
Okay, it seems I am outnumbered. I will work on updating the patch to add
an ACL_MAINTAIN bit and a pg_maintain_all_tables predefined role.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2022-12-09 18:44:11 | Re: add \dpS to psql |
| Previous Message | Mark Dilger | 2022-12-09 18:39:22 | Re: [PATCH] random_normal function |