Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Isaac Morland <isaac(dot)morland(at)gmail(dot)com>
Cc: Vik Fearing <vik(at)postgresfriends(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.
Date: 2021-11-08 19:11:57
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


* Isaac Morland (isaac(dot)morland(at)gmail(dot)com) wrote:
> On Tue, 2 Nov 2021 at 19:00, Vik Fearing <vik(at)postgresfriends(dot)org> wrote:
> > On 11/2/21 11:14 PM, Vik Fearing wrote:
> >
> > > This would be nice, but there is nothing to hang our hat on:
> > >
> > > GRANT CHECKPOINT TO username;
> >
> > Thinking about this more, why don't we just add CHECKPOINT and
> > NOCHECKPOINT attributes to roles?
> >
> At present, this would require adding a field to pg_authid. This isn't very
> scalable; but we're already creating new pg_* roles which give access to
> various actions so I don't know why a role attribute would be a better
> approach. If anything, I think it would be more likely to move in the other
> direction: replace role attributes that in effect grant privileges with
> predefined roles. I think this has already been discussed here in the
> context of CREATEROLE.

Yes, much better to create predefined roles for this kind of thing and,
ideally, move explicitly away from role attributes.



In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Mark Dilger 2021-11-08 19:22:31 Re: CREATE ROLE IF NOT EXISTS
Previous Message Stephen Frost 2021-11-08 19:04:05 Re: Allow root ownership of client certificate key