| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Craig Ringer <craig(at)2ndquadrant(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Noah Misch <noah(at)leadboat(dot)com>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, David Steele <david(at)pgmasters(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Gavin Flower <GavinFlower(at)archidevsys(dot)co(dot)nz>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter_e(at)gmx(dot)net>, Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Additional role attributes && superuser review |
| Date: | 2016-01-31 12:30:54 |
| Message-ID: | CAB7nPqTRZJxrvQR16qK3kgNWeZhMgCAY7AKbo+UuLJG+9B1u6A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Jan 31, 2016 at 7:55 AM, Michael Paquier
<michael(dot)paquier(at)gmail(dot)com> wrote:
> On Sun, Jan 31, 2016 at 5:32 AM, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
>> On 29 January 2016 at 22:41, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>>>
>>> Michael,
>>>
>>> * Michael Paquier (michael(dot)paquier(at)gmail(dot)com) wrote:
>>> > On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost <sfrost(at)snowman(dot)net>
>>> > wrote:
>>> > > * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>>> > >> On Thu, Jan 28, 2016 at 11:04 AM, Stephen Frost <sfrost(at)snowman(dot)net>
>>> > wrote:
>>> > >> > Personally, I don't have any particular issue having both, but the
>>> > >> > desire was stated that it would be better to have the regular
>>> > >> > GRANT EXECUTE ON catalog_func() working before we consider having
>>> > >> > default roles for same. That moves the goal posts awful far
>>> > >> > though, if
>>> > >> > we're to stick with that and consider how we might extend the GRANT
>>> > >> > system in the future.
>>> > >>
>>> > >> I don't think it moves the goal posts all that far. Convincing
>>> > >> pg_dump to dump grants on system functions shouldn't be a crazy large
>>> > >> patch.
>>> > >
>>> > > I wasn't clear as to what I was referring to here. I've already
>>> > > written
>>> > > a patch to pg_dump to support grants on system objects and agree that
>>> > > it's at least reasonable.
>>> >
>>> > Is it already posted somewhere? I don't recall seeing it. Robert and
>>> > Noah
>>> > have a point that this would be useful for users who would like to dump
>>> > GRANT/REVOKE rights on system functions & all, using a new option in
>>> > pg_dumpall, say --with-system-acl or --with-system-privileges.
>>>
>>> Multiple versions were posted on this thread. I don't fault you for not
>>> finding it, this thread is a bit long in the tooth. The one I'm
>>> currently working from is
>>>
>>
>> It strikes me that this thread would possibly benefit from a wiki page
>> outlining the permissions, overall concepts, etc, as it's getting awfully
>> hard to follow.
>
> +1. This has proved to be very beneficial for UPSERT.
I am marking this patch as returned with feedback per the current
status of this thread.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2016-01-31 12:34:35 | Re: PATCH: index-only scans with partial indexes |
| Previous Message | Michael Paquier | 2016-01-31 12:29:43 | Re: Re: BUG #13685: Archiving while idle every archive_timeout with wal_level hot_standby |