Re: Granting SET and ALTER SYSTE privileges for GUCs

> On Nov 16, 2021, at 7:03 AM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> It's also going to be important to think about what happens with
> extension GUCs. If somebody installs an extension, we can't ask them
> to perform a manual step in order to be able to grant privileges. And
> if somebody then loads up a different .so for that extension, the set
> of GUCs that it provides can change without any DDL being executed.
> New GUCs could appear, and old GUCs could vanish.

The v3 patch allows grants on unrecognized guc names. This should allow a grant statement to precede the loading of a new .so which provides the named guc.

> instead just adjust the GRANT command to automatically insert a new
> row into the relevant catalog if there isn't one already. That seems
> nicer for extensions, and also nicer for core GUCs, since it avoids
> bloating the catalog with a bunch of entries that aren't needed.

Grants on GUCs create a new catalog entry if necessary, or update the existing catalog entry if found.

There is a new information_schema.guc_privileges view, not present in v2.