| From: | Jeff Davis <pgsql(at)j-davis(dot)com> |
|---|---|
| To: | Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> |
| Subject: | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |
| Date: | 2021-11-04 23:35:02 |
| Message-ID: | 8bf68314adb900c3b234f88b7fa9a93ba2b984eb.camel@j-davis.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 2021-11-04 at 15:46 -0700, Andres Freund wrote:
> What about extending GRANT to allow to grant rights on commands? Yes,
> it'd be
> a bit of work to make that work in the catalogs, but it doesn't seem
> too hard
> to tackle.
You mean for the CHECKPOINT command specifically, or for many commands?
If it only applies to CHECKPOINT, it seems like more net clutter than a
new predefined role.
But I don't see it generalizing to a lot of commands, either. I looked
at the list, and it's taking some creativity to think of more than a
couple other commands where it makes sense. Maybe LISTEN/NOTIFY? But
even then, there are three related commands: LISTEN, UNLISTEN, and
NOTIFY. Are those one privilege representing them all, two
(LISTEN/UNLISTEN, and NOTIFY), or three separate privileges?
Regards,
Jeff Davis
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2021-11-04 23:38:36 | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |
| Previous Message | Jeff Davis | 2021-11-04 23:23:34 | Re: Logical insert/update/delete WAL records for custom table AMs |