| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com> |
| Cc: | Vik Fearing <vik(at)postgresfriends(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |
| Date: | 2021-11-08 19:11:57 |
| Message-ID: | 20211108191157.GM20998@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Isaac Morland (isaac(dot)morland(at)gmail(dot)com) wrote:
> On Tue, 2 Nov 2021 at 19:00, Vik Fearing <vik(at)postgresfriends(dot)org> wrote:
> > On 11/2/21 11:14 PM, Vik Fearing wrote:
> >
> > > This would be nice, but there is nothing to hang our hat on:
> > >
> > > GRANT CHECKPOINT TO username;
> >
> > Thinking about this more, why don't we just add CHECKPOINT and
> > NOCHECKPOINT attributes to roles?
> >
> > ALTER ROLE username WITH CHECKPOINT;
>
> At present, this would require adding a field to pg_authid. This isn't very
> scalable; but we're already creating new pg_* roles which give access to
> various actions so I don't know why a role attribute would be a better
> approach. If anything, I think it would be more likely to move in the other
> direction: replace role attributes that in effect grant privileges with
> predefined roles. I think this has already been discussed here in the
> context of CREATEROLE.
Yes, much better to create predefined roles for this kind of thing and,
ideally, move explicitly away from role attributes.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Dilger | 2021-11-08 19:22:31 | Re: CREATE ROLE IF NOT EXISTS |
| Previous Message | Stephen Frost | 2021-11-08 19:04:05 | Re: Allow root ownership of client certificate key |