Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>,
Jeff Davis <pgsql@j-davis.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2021-10-25T17:51:56Z
Lists: pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes: > Independent of other things, getting to the point where everything can > be done in the database without the need for superuser is absolutely a > good goal to be striving for, not something to be avoiding. > I don't think that makes superuser become 'dummy', but perhaps the > only explicit superuser check we end up needing is "superuser is a > member of all roles". That would be a very cool end state. I'm not entirely following how that's going to work. It implies that there is some allegedly-not-superuser role that has the ability to become superuser -- either within SQL or by breaking out to the OS -- because certainly a superuser can do those things. I don't think we're serving any good purpose by giving people the impression that roles with such permissions are somehow not superuser-equivalent. Certainly, the providers who don't want to give users superuser are just going to need a longer list of roles they won't give access to (and they probably won't be pleased about having to vet every predefined role carefully). regards, tom lane
Commits
-
Add pg_checkpointer predefined role for CHECKPOINT command.
- 4168a4745492 15.0 landed