Re: Granting SET and ALTER SYSTE privileges for GUCs

Andrew Dunstan <andrew@dunslane.net>

From: Andrew Dunstan <andrew@dunslane.net>
To: Tom Lane <tgl@sss.pgh.pa.us>, Mark Dilger <mark.dilger@enterprisedb.com>
Cc: Robert Haas <robertmhaas@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2021-11-17T14:31:40Z
Lists: pgsql-hackers
On 11/16/21 17:12, Tom Lane wrote:
>
>>> To support pg_dump and pg_upgrade, it might be better to have an
>>> enabled/disabled flag rather than to delete rows.
>> I'm not really sure what this means.
> I didn't see the point of this either.  We really need to KISS here.
> Every bit of added complexity in the catalog representation is another
> opportunity for bugs-of-omission, not to mention a detail that you
> have to provide mechanisms to dump and restore.
>
> 			


Well, I was trying (perhaps not very well) to imagine how to deal with
someone modifying the permissions of one of the predefined roles. Say
pg_foo has initial permission to set bar and baz, and the DBA removes
permission to set baz. How is pg_dump going to emit the right commands
to allow a safe pg_upgrade? Maybe we should say that the permissions for
the predefined roles are immutable, so only permissions sets for user
defined roles are mutable.


cheers


andrew

-- 

Andrew Dunstan
EDB: https://www.enterprisedb.com




Commits

  1. Allow granting SET and ALTER SYSTEM privileges on GUC parameters.