| From: | Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Possibility to disable `ALTER SYSTEM` |
| Date: | 2023-09-08 11:31:16 |
| Message-ID: | CA+VUV5orbuGuu26XiCsiR8VV_bOg_8pOYaj6=+-=gHPjTgW8qA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Tom,
On Thu, 7 Sept 2023 at 22:27, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Gabriele Bartolini <gabriele(dot)bartolini(at)enterprisedb(dot)com> writes:
> > I would like to propose a patch that allows administrators to disable
> > `ALTER SYSTEM` via either a runt-time option to pass to the Postgres
> server
> > process at startup (e.g. `--disable-alter-system=true`, false by default)
> > or a new GUC (or even both), without changing the current default method
> of
> > the server.
>
> ALTER SYSTEM is already heavily restricted.
Could you please help me better understand what you mean here?
> I don't think we need random kluges added to the permissions system.
If you allow me, why do you think disabling ALTER SYSTEM altogether is a
random kluge? Again, I'd like to better understand this position. I've
personally been in many conversations on the security side of things for
Postgres in Kubernetes environments, and this is a frequent concern by
users who request that changes to the Postgres system (not a database)
should only be done declaratively and prevented from within the system.
Thanks,
Gabriele
--
Gabriele Bartolini
Vice President, Cloud Native at EDB
enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kohei KaiGai | 2023-09-08 12:25:17 | Re: Using non-grouping-keys at HAVING clause |
| Previous Message | Amit Kapila | 2023-09-08 11:23:32 | Re: [PoC] pg_upgrade: allow to upgrade publisher node |