Re: Granting SET and ALTER SYSTE privileges for GUCs

On Mon, Dec 13, 2021 at 5:34 PM Mark Dilger
<mark(dot)dilger(at)enterprisedb(dot)com> wrote:
>
>
>
> > On Dec 13, 2021, at 1:33 PM, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> wrote:
> >
> > but will repost in a few hours
>
> ... and here it is:

currently there is a failure in check-world (not sure if it's known):

diff -U3 /src/postgres/src/test/regress/expected/guc_privs.out
/src/postgres/src/test/regress/results/guc_privs.out
--- /src/postgres/src/test/regress/expected/guc_privs.out 2021-12-14
14:11:45.000000000 +0000
+++ /src/postgres/src/test/regress/results/guc_privs.out 2021-12-14
15:50:52.219583421 +0000
@@ -39,8 +39,10 @@
ALTER SYSTEM RESET autovacuum; -- ok
-- PGC_SUSET
SET lc_messages = 'en_US.UTF-8'; -- ok
+ERROR: invalid value for parameter "lc_messages": "en_US.UTF-8"
RESET lc_messages; -- ok
ALTER SYSTEM SET lc_messages = 'en_US.UTF-8'; -- ok
+ERROR: invalid value for parameter "lc_messages": "en_US.UTF-8"
ALTER SYSTEM RESET lc_messages; -- ok
-- PGC_SU_BACKEND
SET jit_debugging_support = OFF; -- fail, cannot be set after connection start

Aside from that I've tested this and it seems to function as
advertised and in my view is worth adding to PG.

One thing that seems like an omission to me is the absence of a
InvokeObjectPostAlterHook in pg_setting_acl_aclcheck or
pg_setting_acl_aclmask so that MAC extensions can also block this,
InvokeObjectPostCreateHook is already in the create path so a
PostAlter hook seems appropriate.

Thank you.