On Tuesday, November 24, 2015, Alvaro Herrera <
alvherre@2ndquadrant.com> wrote:
Stephen Frost wrote:
> Even so, in the interest of having more fine-grained permission
> controls, I've gone ahead and added a pg_switch_xlog default role.
> Note that this means that pg_switch_xlog() can be called by both
> pg_switch_xlog roles and pg_backup roles. I'd be very much against
> removing the ability to call pg_switch_xlog from the pg_backup role as
> that really is a capability which is needed by users running backups and
> it'd just add unnecessary complexity to require users setting up backup
> tools to grant two different roles to get the backup to work.
Isn't it simpler to grant pg_switch_xlog to pg_backup in the default
config?
I'm not against it, but it would imply a set of data lines for pg_auth_members, which we don't have today. We can't easily directly GRANT the role due to the restrictions put in place to prevent regular users from changing the system roles. On the other hand, we could change the check to only apply when we aren't in bootstrap mode.
Thanks!
Stephen