Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.

Andres Freund <andres@anarazel.de>

From: Andres Freund <andres@anarazel.de>
To: Stephen Frost <sfrost@snowman.net>
Cc: Robert Haas <robertmhaas@gmail.com>, Jeff Davis <pgsql@j-davis.com>, "Bossart, Nathan" <bossartn@amazon.com>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2021-11-08T17:33:25Z
Lists: pgsql-hackers
Hi,

On 2021-11-08 12:23:18 -0500, Stephen Frost wrote:
> If we're actually worried about catalog corruption (and, frankly, I've
> got some serious doubts that jumping in and running CHECKPOINT; by hand
> is a great idea if there's such active corruption)

I've been there when recovering from corruption.


> though I continue to feel like the function based approach is better.

I think it's a somewhat ugly hack.


> then we must use such an approach no matter how we allow non-superusers to
> run the command because any approach to that necessarily involves some
> amount of catalog access.

As long as there's no additional catalog access when the user is known to be a
superuser, then I think it's fine. There's a difference between doing one
pg_authid read for superuser - with a fallback to automatically assuming a
user if one couldn't be found - and doing a full pg_proc read with several
subsidiary pg_type reads etc.

Greetings,

Andres Freund



Commits

  1. Add pg_checkpointer predefined role for CHECKPOINT command.