Re: Add default role 'pg_access_server_files'
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Michael Paquier <michael@paquier.xyz>
Cc: Magnus Hagander <magnus@hagander.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2018-03-26T01:43:25Z
Lists: pgsql-hackers
Attachments
- add_default_role_access_server_files_v4-master.patch (text/x-diff) patch v4-0001
Greetings, * Michael Paquier (michael@paquier.xyz) wrote: > On Thu, Mar 08, 2018 at 10:15:11AM +0900, Michael Paquier wrote: > > Other than that the patch looks in pretty good shape to me. > > The regression tests of file_fdw are blowing up because of an error > string patch 2 changes. Fixed in the attached. Does anyone have an opinion regarding the adminpack functions? I was just reviewing the patch and considering if we should adjust the privileges there also and it seems like we should. That'd be a pretty straight-forward change, of course, so unless there's some reason not to then I'll see about providing an updated patch tomorrow which covers those functions as well. Note that it'll be a bit more complicated since we can't just remove the checks from the existing functions- we'll need to have new functions where the checks are removed and a new extension version that updates to the new functions and then REVOKE's access to them. Not a big deal, just pointing out that it's not quite as straight-forward since it's an extension and we need to deal with environments where the server's been upgraded and the .so changed, but the existing functions are still in place with their current public-execute rights. Thanks! Stephen
Commits
-
Add default roles for file/program access
- 0fdc8495bff0 11.0 landed
-
Remove explicit superuser checks in favor of ACLs
- e79350fef291 11.0 landed
-
Support new default roles with adminpack
- 11523e860f8f 11.0 landed