| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Michael Paquier <michael(at)paquier(dot)xyz> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, Justin Pryzby <pryzby(at)telsasoft(dot)com>, Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: add \dpS to psql |
| Date: | 2022-12-09 18:44:11 |
| Message-ID: | 20221209184411.GB59417@nathanxps13 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Dec 09, 2022 at 10:40:55AM -0800, Nathan Bossart wrote:
> On Fri, Dec 09, 2022 at 01:36:03PM +0900, Michael Paquier wrote:
>> On Thu, Dec 08, 2022 at 09:15:03AM -0800, Nathan Bossart wrote:
>>> The main idea behind this work is breaking out privileges into more
>>> granular pieces. If I want to create a role that only runs VACUUM on some
>>> tables on the weekend, why ѕhould I have to also give it the ability to
>>> ANALYZE, REFRESH, CLUSTER, and REINDEX? IMHO we should really let the user
>>> decide what set of privileges makes sense for their use-case. I'm unsure
>>> the grouping all these privileges together serves much purpose besides
>>> preserving ACL bits.
>>
>> Hmm. I'd like to think that we should keep a frugal mind here. More
>> bits are now available, but it does not strike me as a good idea to
>> force their usage more than necessary, so grouping all these no-quite
>> DDL commands into the same bag does not sound that bad to me.
>
> Okay, it seems I am outnumbered. I will work on updating the patch to add
> an ACL_MAINTAIN bit and a pg_maintain_all_tables predefined role.
Any thoughts on $SUBJECT?
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Paul Ramsey | 2022-12-09 18:51:53 | Re: [PATCH] random_normal function |
| Previous Message | Nathan Bossart | 2022-12-09 18:40:55 | Re: add \dpS to psql |