Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.

Nathan Bossart <bossartn@amazon.com>

From: "Bossart, Nathan" <bossartn@amazon.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, Jeff Davis <pgsql@j-davis.com>, Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2021-11-01T18:38:14Z
Lists: pgsql-hackers
On 11/1/21, 10:43 AM, "Stephen Frost" <sfrost@snowman.net> wrote:
> Folks playing around in the catalog can break lots of things, I don't
> really see this as an argument against the idea.
>
> I do wonder if we should put a bit more effort into preventing people
> from messing with functions and such in pg_catalog.  Being able to do
> something like:
>
> create or replace function xpath ( text, xml ) returns xml[]
> as $$ begin return 'xml'; end; $$ language plpgsql;
>
> (or with much worse functions..) strikes me as just a bit too easy to
> mistakenly cause problems as a superuser.  Still, that's really an
> independent issue from this discussion.  It's not like someone breaking
> CHECKPOINT; would actually impact normal checkpoints anyway.

Yeah, I see your point.

Nathan

Commits

  1. Add pg_checkpointer predefined role for CHECKPOINT command.