Re: Streaming replication as a separate permissions

On Tue, Dec 28, 2010 at 13:05, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Mon, Dec 27, 2010 at 22:53, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>> On Mon, Dec 27, 2010 at 22:42, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>>> Updated patch, still pending docs, but otherwise updated: allow
>>>> start/stop backup, make sure only superuser can turn on/off the flag,
>>>> include in system views, show properly in psql.
>>>
>>> I'd suggest avoiding creating the static cache variable
>>> AuthenticatedUserIsReplicationRole.  This can't possibly be sufficiently
>>> interesting from a performance point of view to justify the risks
>>> associated with stale cache values.  Just look up the pg_authid syscache
>>> entry when needed, ie, treat it more like rolcreaterole than rolsuper.
>>
>> Sure, I catually had it that way first. But doing it this way was less
>> code. But I realize I should've revisited that decision when I made
>> the change to pg_start_backup and pg_stop_backup - before that the
>> checks would only happen during a very short window of time at the
>> start of the connection, but now it can happen later..
>>
>>
>>> BTW, you forgot pg_dumpall support.
>>
>> Gah. I knew that, but somehow dropped it from my TODO. Thanks for the reminder!
>
> Ok, here's an updated patch that does both these and includes
> documentation and regression test changes. With that, I think we're
> good to go.

I've applied this version (with some minor typo-fixes).

--
 Magnus Hagander
 Me: http://www.hagander.net/
 Work: http://www.redpill-linpro.com/