Re: Granting SET and ALTER SYSTE privileges for GUCs - Mailing list pgsql-hackers

From Mark Dilger
Subject Re: Granting SET and ALTER SYSTE privileges for GUCs
Date
Msg-id 9F2C67AB-D357-4353-8172-E82E54A52107@enterprisedb.com
Whole thread Raw
In response to Re: Granting SET and ALTER SYSTE privileges for GUCs  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers

> On Nov 16, 2021, at 2:12 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> The question is why you need pg_config_param at all, then.
> AFAICS it just adds maintenance complexity we could do without.
> I think we'd be better off with a catalog modeled on the design of
> pg_db_role_setting, which would have entries for roles and lists
> of GUC names that those roles could set.

Originally, I was trying to have dependency linkage between two proper types of objects, so that DROP ROLE and DROP
CONFIGURATIONPARAMETER would behave as expected, complaining about privileges remaining rather than dropping an object
andleaving a dangling reference. 

I've deleted the whole CREATE CONFIGURATION PARAMETER and DROP CONFIGURATION PARAMETER syntax and implementation, but
itstill seems odd to me that: 

  CREATE ROLE somebody;
  GRANT SELECT ON TABLE sometable TO ROLE somebody;
  GRANT ALTER SYSTEM ON someguc TO ROLE somebody;
  DROP ROLE somebody;
  ERROR:  role "somebody" cannot be dropped because some objects depend on it
  DETAIL:  privileges for table sometable

would not mention privileges for "someguc" as well.  That's why I want configuration parameters to be proper objects
withOIDs and with entries in pg_depend and/or pg_shdepend.  Maybe there is some better way to do it, but that's why
I'vebeen doing this. 

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company






pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: Granting SET and ALTER SYSTE privileges for GUCs
Next
From: Mark Dilger
Date:
Subject: Re: Granting SET and ALTER SYSTE privileges for GUCs