| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
| Cc: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, bossartn(at)amazon(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Allow pg_signal_backend members to use pg_log_backend_memory_stats(). |
| Date: | 2021-10-25 07:10:15 |
| Message-ID: | YXZYVw7JF0mNtPue@paquier.xyz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Oct 24, 2021 at 08:31:37PM -0700, Jeff Davis wrote:
> The current patch doesn't allow members of pg_signal_backend to rotate
> the log file.
>
> Do you think pg_signal_backend is the wrong group to allow usage of
> pg_log_backend_memory_contexts()? Alternatively, it could simply not
> GRANT anything, and leave that up to the administrator to choose who
> can use it.
Hmm. Why don't you split the patch into two parts that can be
discussed separately then? There would be one to remove all the
superuser() checks you can think of, and a potential second to grant
those function's execution to some system role.
FWIW, if the barrier between a role and a function is thin, perhaps
we'd better just limit ourselves to the removal of the superuser()
checks for now rather than trying to plug more groups into the
functions. When I have dealt with such issues in the past, I tend to
just do the superuser()/REVOKE part without more GRANTs or even more
system roles, as this is enough to give room to users to do what they
want with their clusters. And this is a no-brainer.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ronan Dunklau | 2021-10-25 07:15:32 | Re: pg_receivewal starting position |
| Previous Message | Amul Sul | 2021-10-25 07:04:23 | Re: [Patch] ALTER SYSTEM READ ONLY |