Re: Possible regression setting GUCs on \connect

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Alexander Korotkov <aekorotkov@gmail.com>, Amit Kapila <amit.kapila16@gmail.com>, Nathan Bossart <nathandbossart@gmail.com>, David Steele <david@pgmasters.net>, Pg Hackers <pgsql-hackers@postgresql.org>
Date: 2023-05-18T18:33:16Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes:
> This discussion made me go back and look at the commit in question. My
> opinion is that the feature as it was committed is quite hard to
> understand. The documentation for it said this: "Specifies that
> variable should be set on behalf of ordinary role." But what does that
> even mean? What's an "ordinary role"? What does "on behalf of" mean?

Yeah.  And even more to the point: how would the feature interact with
per-user grants of SET privilege?  It seems like it would have to ignore
or override that, which is not a conclusion I like at all.

I think that commit a0ffa885e pretty much nailed down the user interface
we want, and what remains is to work out how granting SET privilege
interacts with the time-delayed nature of ALTER USER/DATABASE SET.
But the answer to that does not seem difficult to me: remember who
issued the ALTER and see if they still have SET privilege at the time
we activate a particular entry.

			regards, tom lane



Commits

  1. Revert "Add USER SET parameter values for pg_db_role_setting"

  2. Fix wrong construct_array_builtin() call in GUCArrayDelete()

  3. In hstore_plpython, avoid crashing when return value isn't a mapping.

  4. Allow granting SET and ALTER SYSTEM privileges on GUC parameters.