Re: Default Roles (was: Additional role attributes)

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Default Roles (was: Additional role attributes)
Date: 2015-07-13 18:46:55
Message-ID: 20150713184655.GC12131@tamriel.snowman.net
Lists: pgsql-hackers

Fujii,

* Fujii Masao (masao(dot)fujii(at)gmail(dot)com) wrote:
> The documents of the functions which the corresponding default roles
> are added by this patch need to be updated. For example, the description
> of pg_xlog_replay_pause() says "Pauses recovery immediately (restricted
> to superusers).". I think that the description needs to mention
> the corresponding default role "pg_replay". Otherwise, it's difficult for
> users to see which default role is related to the function they want to use.
> Or probably we can add the table explaining all the relationships between
> default roles and corresponding operations. And it's useful.

Certainly, totally agree that we need to make it clear in the function
descriptions also.

> Why do we allow users to change the attributes of default roles?
> For example, ALTER ROLE default_role or GRANT ... TO default_role.
> Those changes are not dumped by pg_dumpall. So if users change
> the attributes for some reasons but they disappear via pg_dumpall,
> maybe the system goes into unexpected state.

Good point. I'm fine with simply disallowing that completely; does
anyone want to argue that we should allow superusers to ALTER or GRANT
to these roles? I have a hard time seeing the need for that and it
could make things quite ugly.

> I think that it's better to allow the roles with pg_monitor to
> execute pgstattuple functions. They are usually used for monitoring.
> Thought?

Possibly, but I'd need to look at them more closely than I have time to
right now. Can you provide a use-case? That would certainly help.
Also, we are mostly focused on things which are currently superuser-only
capabilities; if you don't need to be superuser today then the
monitoring system could be granted access using the normal mechanisms.
Actually logging systems won't log in directly as "pg_monitor" anyway,
they'll log in as "nagios" or similar, which has been GRANT'd
"pg_monitor" and could certainly be GRANT'd other rights also.

Thanks!

Stephen
