| From: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
|---|---|
| To: | Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <joe(at)crunchydata(dot)com> |
| Subject: | Re: Granting SET and ALTER SYSTE privileges for GUCs |
| Date: | 2021-12-16 17:53:45 |
| Message-ID: | 0A3D3CBA-6548-4C9E-9F46-59D5C51A1F31@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On Dec 16, 2021, at 7:43 AM, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com> wrote:
>
> Ah, I understand now. Would it be possible to pass the
> SettingAclRelationId if it exists or InvalidOid if not?
SettingAclRelationId is always defined, so we can always pass that value. But the settingId itself may sometimes be InvalidOid.
> That way if a
> MAC implementation cares about a particular GUC it'll ensure it's in
> pg_setting_acl.
A much cleaner solution would be to create new ObjectAccessTypes with a corresponding new Invoke macro and Run function. Those could take setting names, not Oids, and include additional information about whether the operation is SET, RESET or ALTER SYSTEM, what the new value is (if any), what kind of setting it is (bool, int, ...), etc. I don't think such a patch would even be all that hard to write.
What do you think?
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2021-12-16 17:54:59 | Re: Column Filtering in Logical Replication |
| Previous Message | Thomas Munro | 2021-12-16 17:34:43 | Re: Apple's ranlib warns about protocol_openssl.c |