| From: | Chapman Flack <chap(at)anastigmatix(dot)net> |
|---|---|
| To: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Granting control of SUSET gucs to non-superusers |
| Date: | 2021-05-01 16:37:16 |
| Message-ID: | 608D83BC.7060101@anastigmatix.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 05/01/21 12:13, Mark Dilger wrote:
> Extra syntax for use by the service provider seems much easier to justify.
>
> If the service provider can install extra role-aware check_hooks for gucs,
> and if the include directive for postgresql.conf can specify a role under
> which a postgresql.conf.tenant file is processed, then the tenant can port
> their application and their config file and the only things that should break
> are those things the provider has intentionally prohibited.
Maybe version 0 is where the provider just builds a shared object
to go in shared_preload_libraries. The provider has probably already
done a bunch of other stuff more challenging than that.
The GUC system would have to expose a way for the shared object to
chain extra_check_hooks off existing GUCs. An extra_check_hook can check
both the value and the role of the caller.
The configfile syntax for include-with-a-role would be the only other
missing piece.
Version 0.5 is maybe where someone contributes code for such a shared
object that is somewhat general and configured by a yaml file, or
something. (That would probably be easier if an extra_check_hook accepts
the usual void *extra context argument that existing GUC hooks don't.)
Regards,
-Chap
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Zhihong Yu | 2021-05-01 16:43:36 | Re: Dump public schema ownership & seclabels |
| Previous Message | Zhihong Yu | 2021-05-01 16:27:16 | Re: Transactions involving multiple postgres foreign servers, take 2 |