Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. - Mailing list pgsql-hackers

From Jeff Davis
Subject Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.
Date
Msg-id 8bf68314adb900c3b234f88b7fa9a93ba2b984eb.camel@j-davis.com
Whole thread Raw
In response to Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.  (Andres Freund <andres@anarazel.de>)
Responses Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.
List pgsql-hackers
On Thu, 2021-11-04 at 15:46 -0700, Andres Freund wrote:
> What about extending GRANT to allow to grant rights on commands? Yes,
> it'd be
> a bit of work to make that work in the catalogs, but it doesn't seem
> too hard
> to tackle.

You mean for the CHECKPOINT command specifically, or for many commands?

If it only applies to CHECKPOINT, it seems like more net clutter than a
new predefined role.

But I don't see it generalizing to a lot of commands, either. I looked
at the list, and it's taking some creativity to think of more than a
couple other commands where it makes sense. Maybe LISTEN/NOTIFY? But
even then, there are three related commands: LISTEN, UNLISTEN, and
NOTIFY. Are those one privilege representing them all, two
(LISTEN/UNLISTEN, and NOTIFY), or three separate privileges?

Regards,
    Jeff Davis





pgsql-hackers by date:

Previous
From: Jeff Davis
Date:
Subject: Re: Logical insert/update/delete WAL records for custom table AMs
Next
From: Jeff Davis
Date:
Subject: Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT.