Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.
Jeff Davis <pgsql@j-davis.com>
From: Jeff Davis <pgsql@j-davis.com>
To: Andres Freund <andres@anarazel.de>
Cc: Robert Haas <robertmhaas@gmail.com>, Stephen Frost <sfrost@snowman.net>,
"Bossart, Nathan" <bossartn@amazon.com>, "pgsql-hackers@postgresql.org"
<pgsql-hackers@postgresql.org>, Alvaro Herrera <alvherre@alvh.no-ip.org>,
Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>
Date: 2021-11-04T23:35:02Z
Lists: pgsql-hackers
On Thu, 2021-11-04 at 15:46 -0700, Andres Freund wrote: > What about extending GRANT to allow to grant rights on commands? Yes, > it'd be > a bit of work to make that work in the catalogs, but it doesn't seem > too hard > to tackle. You mean for the CHECKPOINT command specifically, or for many commands? If it only applies to CHECKPOINT, it seems like more net clutter than a new predefined role. But I don't see it generalizing to a lot of commands, either. I looked at the list, and it's taking some creativity to think of more than a couple other commands where it makes sense. Maybe LISTEN/NOTIFY? But even then, there are three related commands: LISTEN, UNLISTEN, and NOTIFY. Are those one privilege representing them all, two (LISTEN/UNLISTEN, and NOTIFY), or three separate privileges? Regards, Jeff Davis
Commits
-
Add pg_checkpointer predefined role for CHECKPOINT command.
- 4168a4745492 15.0 landed