From: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
Cc: | Masahiko Sawada <msawada(at)postgresql(dot)org>, pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | Re: pgsql: Restrict accesses to non-system views and foreign tables during |
Date: | 2024-08-26 19:05:41 |
Message-ID: | CAD21AoCB1He62bgtUkgu8mkUtAJpHxC98SM6=oDqbRmLmdhE1g@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
On Mon, Aug 26, 2024 at 7:14 AM Peter Eisentraut <peter(at)eisentraut(dot)org> wrote:
>
> On 05.08.24 15:07, Masahiko Sawada wrote:
> > To address this, pg_dump now utilizes the newly introduced
> > restrict_nonsystem_relation_kind GUC parameter to restrict the
> > accesses to non-system views and foreign tables during the dump
> > process. This new GUC parameter is added to back branches too, but
> > these changes do not require cluster recreation.
>
> This documentation of this new parameter is a bit hard to understand.
> The description in guc_tables.c is
>
> "Sets relation kinds of non-system relation to restrict use"
>
> which is hard to understand even knowing what this setting is supposed
> to do.
>
> In config.sgml it says
>
> + This variable specifies relation kind to which access is restricted.
> + It contains a comma-separated list of relation kind. Currently, the
> + supported relation kinds are <literal>view</literal> and
> + <literal>foreign-table</literal>.
>
> This does not mention "system" or "non-system" at all.
>
> Also, the phrase "to which access is restricted" can be interpreted in
> two opposite ways:
>
> - access to those relations is prohibited
> - access is limited to those relations
>
> Also nothing anywhere clarifies what "restricted" means here, and the
> term introduces unnecessary ambiguity.
>
> Can we come up with some more precise and easier-to-understand language?
>
Maybe using the word "prohibit" makes it a bit clear? For example,
In guc_tables.c:
Prohibits access to non-system relations of specified kinds
In doc:
Set relation kinds of non-system relations to which access is
prohibited. It takes a comma-separated list of relation kinds.
Currently, the supported relation kinds are view and foreign-table.
Regards,
--
Masahiko Sawada
Amazon Web Services: https://aws.amazon.com
From | Date | Subject | |
---|---|---|---|
Next Message | Masahiko Sawada | 2024-08-26 23:17:53 | pgsql: Fix identation. |
Previous Message | Masahiko Sawada | 2024-08-26 18:00:56 | pgsql: Fix memory counter update in ReorderBuffer. |