Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Isaac Morland <isaac.morland@gmail.com>
Cc: Vik Fearing <vik@postgresfriends.org>, Robert Haas <robertmhaas@gmail.com>, Jeff Davis <pgsql@j-davis.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2021-11-08T19:11:57Z
Lists: pgsql-hackers
Greetings, * Isaac Morland (isaac.morland@gmail.com) wrote: > On Tue, 2 Nov 2021 at 19:00, Vik Fearing <vik@postgresfriends.org> wrote: > > On 11/2/21 11:14 PM, Vik Fearing wrote: > > > > > This would be nice, but there is nothing to hang our hat on: > > > > > > GRANT CHECKPOINT TO username; > > > > Thinking about this more, why don't we just add CHECKPOINT and > > NOCHECKPOINT attributes to roles? > > > > ALTER ROLE username WITH CHECKPOINT; > > At present, this would require adding a field to pg_authid. This isn't very > scalable; but we're already creating new pg_* roles which give access to > various actions so I don't know why a role attribute would be a better > approach. If anything, I think it would be more likely to move in the other > direction: replace role attributes that in effect grant privileges with > predefined roles. I think this has already been discussed here in the > context of CREATEROLE. Yes, much better to create predefined roles for this kind of thing and, ideally, move explicitly away from role attributes. Thanks, Stephen
Commits
-
Add pg_checkpointer predefined role for CHECKPOINT command.
- 4168a4745492 15.0 landed