Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.

Jeff Davis <pgsql@j-davis.com>

From: Jeff Davis <pgsql@j-davis.com>
To: Andres Freund <andres@anarazel.de>
Cc: Robert Haas <robertmhaas@gmail.com>, Stephen Frost <sfrost@snowman.net>, "Bossart, Nathan" <bossartn@amazon.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>
Date: 2021-11-04T23:35:02Z
Lists: pgsql-hackers
On Thu, 2021-11-04 at 15:46 -0700, Andres Freund wrote:
> What about extending GRANT to allow to grant rights on commands? Yes,
> it'd be
> a bit of work to make that work in the catalogs, but it doesn't seem
> too hard
> to tackle.

You mean for the CHECKPOINT command specifically, or for many commands?

If it only applies to CHECKPOINT, it seems like more net clutter than a
new predefined role.

But I don't see it generalizing to a lot of commands, either. I looked
at the list, and it's taking some creativity to think of more than a
couple other commands where it makes sense. Maybe LISTEN/NOTIFY? But
even then, there are three related commands: LISTEN, UNLISTEN, and
NOTIFY. Are those one privilege representing them all, two
(LISTEN/UNLISTEN, and NOTIFY), or three separate privileges?

Regards,
	Jeff Davis





Commits

  1. Add pg_checkpointer predefined role for CHECKPOINT command.