Re: Granting SET and ALTER SYSTE privileges for GUCs

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Andrew Dunstan <andrew@dunslane.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Mark Dilger <mark.dilger@enterprisedb.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2021-11-17T17:05:53Z
Lists: pgsql-hackers
On Wed, Nov 17, 2021 at 9:31 AM Andrew Dunstan <andrew@dunslane.net> wrote:
> Well, I was trying (perhaps not very well) to imagine how to deal with
> someone modifying the permissions of one of the predefined roles. Say
> pg_foo has initial permission to set bar and baz, and the DBA removes
> permission to set baz. How is pg_dump going to emit the right commands
> to allow a safe pg_upgrade? Maybe we should say that the permissions for
> the predefined roles are immutable, so only permissions sets for user
> defined roles are mutable.

That's a great question, but it isn't a new problem. If I create a
brand new database and do thIs:

rhaas=# revoke execute on function pg_ls_waldir() from pg_monitor;
REVOKE

And then I do this:

[rhaas pgsql]$ pg_dump

Then the output includes this:

REVOKE ALL ON FUNCTION pg_catalog.pg_ls_waldir(OUT name text, OUT size
bigint, OUT modification timestamp with time zone) FROM pg_monitor;

I recommend looking at how that works and making this work the same way.

-- 
Robert Haas
EDB: http://www.enterprisedb.com



Commits

  1. Allow granting SET and ALTER SYSTEM privileges on GUC parameters.