Re: Possibility to disable `ALTER SYSTEM`

On Sun, Feb 11, 2024, at 14:58, Robert Haas wrote:
> It's not entirely clear to me what our wider vision is here. Some
> people seem to want a whole series of flags that can disable various
> things that the superuser might otherwise be able to do,

Yes, that's what bothers me a little with the idea of a special fix for this special case.

On Thu, Sep 7, 2023, at 22:27, Tom Lane wrote:
> If you nonetheless feel that that's a good idea for your use case,
> you can implement the restriction with an event trigger or the like.

On Fri, Sep 15, 2023, at 11:18, Daniel Gustafsson wrote:
>> On 11 Sep 2023, at 15:50, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>>
>> On Sat, Sep 9, 2023 at 5:14 PM Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> wrote:
>>>
>>> On 2023-Sep-08, Magnus Hagander wrote:
>>>
>>>> Now, it might be that you don't care at all about the *security* side
>>>> of the feature, and only care about the convenience side. But in that
>>>> case, the original suggestion from Tom of using an even trigger seems
>>>> like a fine enough solution?
>>>
>>> ALTER SYSTEM, like all system-wide commands, does not trigger event
>>> triggers. These are per-database only.
>>>
>>> https://www.postgresql.org/docs/16/event-trigger-matrix.html
>>
>> Hah, didn't think of that. And yes, that's a very good point. But one
>> way to fix that would be to actually make event triggers for system
>> wide commands, which would then be useful for other things as well...
>
> Wouldn't having system wide EVTs be a generic solution which could be the
> infrastructure for this requested change as well as others in the same area?

+1

I like the wider vision of providing the necessary infrastructure to provide a solution for the general case.

/Joel