From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
---|---|
To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com> |
Subject: | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |
Date: | 2021-11-05 13:13:11 |
Message-ID: | 202111051313.bjbxbz4w5g3b@alvherre.pgsql |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2021-Nov-04, Jeff Davis wrote:
> But I don't see it generalizing to a lot of commands, either. I looked
> at the list, and it's taking some creativity to think of more than a
> couple other commands where it makes sense. Maybe LISTEN/NOTIFY? But
> even then, there are three related commands: LISTEN, UNLISTEN, and
> NOTIFY. Are those one privilege representing them all, two
> (LISTEN/UNLISTEN, and NOTIFY), or three separate privileges?
What about things like CREATE SUBSCRIPTION/PUBLICATION? Sounds like it
would be useful to allow non-superusers do those, too.
That said, if the list is short, then additional predefined roles seem
preferrable to having a ton of infrastructure code that might be much
more clutter than what seems a short list of additional predefined roles.
--
Álvaro Herrera 39°49'30"S 73°17'W — https://www.EnterpriseDB.com/
"We're here to devour each other alive" (Hobbes)
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2021-11-05 13:33:55 | Re: pg14 psql broke \d datname.nspname.relname |
Previous Message | Robert Haas | 2021-11-05 12:54:37 | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |