Re: Additional role attributes && superuser review

On 15/10/14 07:22, Stephen Frost wrote:
>
> First though, the new privileges, about which the bikeshedding can
> begin, short-and-sweet format:
>
> BACKUP:
> pg_start_backup()
> pg_stop_backup()
> pg_switch_xlog()
> pg_create_restore_point()

As others have commented, I too think this should support pg_dump.

>
> For posterity's sake, here's my review and comments on the various
> existing superuser checks in the backend (those not addressed above):
>
> CREATE EXTENSION
> This could be a role attribute as the others above, but I didn't
> want to try and include it in this patch as it has a lot of hairy
> parts, I expect.

Yeah it will, mainly because extensions can load modules and can have
untrusted functions, we might want to limit which extensions are
possible to create without being superuser.

>
> tcop/utility.c
> LOAD (load shared library)
>

This already somewhat handles non-superuser access. You can do LOAD as
normal user as long as the library is in $libdir/plugins directory so it
probably does not need separate role attribute (might be somehow useful
in combination with CREATE EXTENSION though).

>
> commands/functioncmds.c
> create untrusted-language functions
>

I often needed more granularity there (plproxy).

>
> commands/functioncmds.c
> execute DO blocks with untrusted languages
>

I am not sure if this is significantly different from untrusted-language
functions.

--
Petr Jelinek http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services