Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag

Hi,

On 10/5/23 2:21 PM, Bharath Rupireddy wrote:
> On Thu, Oct 5, 2023 at 12:22 PM Drouvot, Bertrand
> <bertranddrouvot(dot)pg(at)gmail(dot)com> wrote:
>>
> A comment on v6-0002:
> 1.
> + CREATE ROLE nologrole with nologin;
> + ALTER ROLE nologrole with superuser;
> +]);
> We don't need superuser privileges here, do we? Or do we need it for
> the worker_spi to access pg_catalog and stuff in worker_spi_main? If
> not, can we remove it to showcase non-superusers requesting bg
> workers?

superuser is not needed here.
I removed it but had to change it in v7 attached to:

+ CREATE ROLE nologrole with nologin;
+ GRANT CREATE ON DATABASE mydb TO nologrole;

To avoid things like:

"
2023-10-05 15:59:39.189 UTC [2830732] LOG: worker_spi dynamic worker 13 initialized with schema13.counted
2023-10-05 15:59:39.191 UTC [2830732] ERROR: permission denied for database mydb
2023-10-05 15:59:39.191 UTC [2830732] CONTEXT: SQL statement "CREATE SCHEMA "schema13" CREATE TABLE "counted"
"

Regards,

--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com