Re: [HACKERS] unprivileged contrib and pl install

On Wed, 24 Jan 2007, Tom Lane wrote:

> Jeremy Drake <pgsql(at)jdrake(dot)com> writes:
> > On Wed, 24 Jan 2007, Jeremy Drake wrote:
> >> That would be great, and also it would be great to be able to CREATE
> >> LANGUAGE as a regular user for a trusted pl that is already
> >> compiled/installed.
>
> > Something like the attached (simple) change to allow CREATE LANGUAGE by
> > unprivileged users for trusted languages already present in pg_pltemplate.
>
> If it were merely a matter of removing an error check I think we would
> have done it already. However, pltemplate will have all the languages
> in it whether the DBA wants to allow them to be used or not; so I'd say
> that there really needs to be *some* sort of privilege check here.
> What that is and how to implement it are the hard parts.

So I guess it depends on what you mean by "DBA". Perhaps the database
owner? Or some new privilege type (GRANT CREATE ON LANGUAGE ...? Or GRANT
CREATE LANGUAGE ON DATABASE...?) that the db owner has by default?

--
7:30, Channel 5: The Bionic Dog (Action/Adventure)
The Bionic Dog drinks too much and kicks over the National
Redwood Forest.