Re: New default role- 'pg_read_all_data'

Stephen Frost <sfrost@snowman.net>

From: Stephen Frost <sfrost@snowman.net>
To: Gilles Darold <gilles@darold.net>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2020-08-28T17:25:32Z
Lists: pgsql-hackers
Greetings,

* Gilles Darold (gilles@darold.net) wrote:
> Le 28/08/2020 à 16:52, Stephen Frost a écrit :
> >Using an FDW will often also require having a user mapping and there's
> >no way for that to be accomplished through only GRANT'ing a default
> >role, so I don't think we should mix this specific role with the FDW
> >permissions system.
> 
> I'm fine with that, perhaps it should be mentioned in the documentation that
> foreign tables are not covered by this role.

We could say it doesn't GRANT CONNECT rights on databases, or EXECUTE on
functions too, but that doesn't seem like a terribly good approach for
the documentation to take- instead we document specifically what IS
included, which seems sufficiently clear to me.

Thanks,

Stephen

Commits

  1. docs: Add command tags for SQL commands

  2. Add pg_read_all_data and pg_write_all_data roles