Re: Per-database and per-user GUC settings

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Per-database and per-user GUC settings
Date: 2002-01-30 00:32:15
Message-ID: Pine.LNX.4.30.0201282157100.688-100000@peter.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Tom Lane writes:

> One issue you didn't mention is what security level these options are
> assumed to have by GUC. That plays into what permissions are needed to
> issue the SET/ALTER commands.

Right. My design was, the SET/ALTER commands are allowed to be executed
by the user for his own pg_shadow record, the database owner for his
pg_database record, and superusers for everything. (Hmm, good we're not
doing the group thing. Would have gotten tricky here.)

Normal users can only add USERSET settings. Other settings provoke a
NOTICE at runtime (if they happen to sneak in somehow) and will otherwise
be ignored.

Superusers can also add SUSET records to their per-user settings. I'm
currently unsure about whether to allow superusers to add SUSET settings
to the per-database settings, because it would mean that the database
session would behave differently depending on what user invokes it. And
since it's not widely known what settings have what permission, I'm afraid
it could be confusing. On the other hand, superusers should know what
they're doing.

--
Peter Eisentraut peter_e(at)gmx(dot)net

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2002-01-30 00:33:29 A simpler way to configure the source code?
Previous Message Tom Lane 2002-01-30 00:32:04 Syscaches should store negative entries, too