Re: Granting SET and ALTER SYSTE privileges for GUCs

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Joe Conway <joe(at)crunchydata(dot)com>
Subject: Re: Granting SET and ALTER SYSTE privileges for GUCs
Date: 2022-03-30 15:44:53
Message-ID: CAKFQuwbpHVfr_jz6yC_U5O1itND3x_z9OoTKNkiNy-42f-WDBQ@mail.gmail.com
Lists: pgsql-hackers

On Wed, Mar 30, 2022 at 8:12 AM Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:

>
> On 3/30/22 09:26, Tom Lane wrote:
>
> >
> > What this loses is the ability to revoke public SET permissions
> > on USERSET GUCs. I claim that that is not so valuable as to
> > justify all the complication needed to deal with it.

Agreed, and in line with my thinking from last night. These default public
set grants are indeed the complication and I'm good with the status quo
where they are non-revocable.

I'm finding it curious that we are choosing to document every (all 6)
context that doesn't have this default privilege instead of saying that
only the user context variables are granted this default, and now
irrevocable, default set privilege. This is in addition to making sure we
distinguish between parameter and context in my earlier email.

> > Avoiding
> > a permissions lookup in the default SET code path seems like
> > a pretty important benefit, too. If we force that to happen
> > it's going to be a noticeable drag on functions with SET clauses.
> >
> >
> The last point is telling, so +1
>
>
Indeed. +1

David J.
