Sean Chittenden <sean@chittenden.org> writes:
>> It's not intended to be a security measure, and I would strongly
>> resist any attempt to make it so along the lines you propose.
> Intended or not, it does work.
No, you just haven't thought of a way to get around it yet. When you do
think of one, you'll be wanting us to contort the GUC system to plug the
loophole. We've already got a horrid mess in there for the LOG_XXX
variables, and I don't want to add more.
I'm not objecting to the idea of being able to make users read-only.
I'm objecting to using GUC for it. Send in a patch that, say, adds a
bool column to pg_shadow, and I'll be happy.
regards, tom lane