Re: New default role- 'pg_read_all_data'

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Magnus Hagander <magnus@hagander.net>
Cc: PostgreSQL Developers <pgsql-hackers@lists.postgresql.org>
Date: 2020-08-28T12:38:48Z
Lists: pgsql-hackers
Greetings,

* Magnus Hagander (magnus@hagander.net) wrote:
> Without having actually looked at the code, definite +1 for this feature.
> It's much requested...

Thanks.

> But, should we also have a pg_write_all_data to go along with it?

Perhaps, but could certainly be a different patch, and it'd need to be
better defined, it seems to me...  read_all is pretty straight-forward
(the general goal being "make pg_dumpall/pg_dump work"), what would
write mean?  INSERT?  DELETE?  TRUNCATE?  ALTER TABLE?  System catalogs?

Doesn't seem like you could just declare it to be 'allow pg_restore'
either, as that might include creating untrusted functions, et al.

Thanks,

Stephen

Commits

  1. docs: Add command tags for SQL commands

  2. Add pg_read_all_data and pg_write_all_data roles