Re: Additional role attributes && superuser review - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Additional role attributes && superuser review
Date
Msg-id CA+TgmoYrQV_QnfGJPbZFJ03fGA5ydpm=Aa+Mw=n0+rmjq19xbw@mail.gmail.com
In response to Re: Additional role attributes && superuser review  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Responses Re: Additional role attributes && superuser review
List pgsql-hackers
On Thu, Oct 16, 2014 at 11:24 AM, Alvaro Herrera
<alvherre@2ndquadrant.com> wrote:
> Stephen Frost wrote:
>> * Petr Jelinek (petr@2ndquadrant.com) wrote:
>> > On 15/10/14 07:22, Stephen Frost wrote:
>> > >   First though, the new privileges, about which the bikeshedding can
>> > >   begin, short-and-sweet format:
>> > >
>> > >   BACKUP:
>> > >     pg_start_backup()
>> > >     pg_stop_backup()
>> > >     pg_switch_xlog()
>> > >     pg_create_restore_point()
>> >
>> > As others have commented, I too think this should support pg_dump.
>>
>> I'm utterly mystified as to what that *means*.  Everyone asking for it is
>> great but until someone can define what "support pg_dump" means, there's
>> not much progress I can make towards it..
>
> To me, what this repeated discussion on this particular BACKUP point
> says, is that the ability to run pg_start/stop_backend and the xlog
> related functions should be a different privilege, i.e. something other
> than BACKUP; because later we will want the ability to grant someone the
> ability to run pg_dump on the whole database without being superuser,
> and we will want to use the name BACKUP for that.  So I'm inclined to
> propose something more specific for this like WAL_CONTROL or
> XLOG_OPERATOR, say.

I'm a little nervous that we're going to end up with a whole bunch of
things with names like X_control, Y_operator, and Z_admin, which I
think is particularly bad if we end up with a mix of styles and also
bad (though less so) if we end up just tacking the word "operator"
onto the end of everything.

I'd suggest calling these capabilities, and allow:

GRANT CAPABILITY whatever TO somebody;

...but keep extraneous words like "control" or "operator" out of the
capabilities names themselves.  So just wal, xlog, logfile, etc.
rather than wal_operator, xlog_operator, logfile_operator and so on.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
