Re: Possibility to disable `ALTER SYSTEM` - Mailing list pgsql-hackers

From Gabriele Bartolini
Subject Re: Possibility to disable `ALTER SYSTEM`
Date
Msg-id CA+VUV5orbuGuu26XiCsiR8VV_bOg_8pOYaj6=+-=gHPjTgW8qA@mail.gmail.com
Whole thread Raw
In response to Re: Possibility to disable `ALTER SYSTEM`  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Possibility to disable `ALTER SYSTEM`
List pgsql-hackers
Hi Tom,

On Thu, 7 Sept 2023 at 22:27, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Gabriele Bartolini <gabriele.bartolini@enterprisedb.com> writes:
> I would like to propose a patch that allows administrators to disable
> `ALTER SYSTEM` via either a runt-time option to pass to the Postgres server
> process at startup (e.g. `--disable-alter-system=true`, false by default)
> or a new GUC (or even both), without changing the current default method of
> the server.

ALTER SYSTEM is already heavily restricted.

Could you please help me better understand what you mean here?
 
I don't think we need random kluges added to the permissions system.

If you allow me, why do you think disabling ALTER SYSTEM altogether is a random kluge? Again, I'd like to better understand this position. I've personally been in many conversations on the security side of things for Postgres in Kubernetes environments, and this is a frequent concern by users who request that changes to the Postgres system (not a database) should only be done declaratively and prevented from within the system.

Thanks,
Gabriele
--
Gabriele Bartolini
Vice President, Cloud Native at EDB

pgsql-hackers by date:

Previous
From: Amit Kapila
Date:
Subject: Re: [PoC] pg_upgrade: allow to upgrade publisher node
Next
From: Kohei KaiGai
Date:
Subject: Re: Using non-grouping-keys at HAVING clause