Re: Per-database and per-user GUC settings - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Per-database and per-user GUC settings
Date
Msg-id Pine.LNX.4.30.0201282157100.688-100000@peter.localdomain
Whole thread Raw
In response to Re: Per-database and per-user GUC settings  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Per-database and per-user GUC settings
List pgsql-hackers
Tom Lane writes:

> One issue you didn't mention is what security level these options are
> assumed to have by GUC.  That plays into what permissions are needed to
> issue the SET/ALTER commands.

Right.  My design was, the SET/ALTER commands are allowed to be executed
by the user for his own pg_shadow record, the database owner for his
pg_database record, and superusers for everything.  (Hmm, good we're not
doing the group thing.  Would have gotten tricky here.)

Normal users can only add USERSET settings.  Other settings provoke a
NOTICE at runtime (if they happen to sneak in somehow) and will otherwise
be ignored.

Superusers can also add SUSET records to their per-user settings.  I'm
currently unsure about whether to allow superusers to add SUSET settings
to the per-database settings, because it would mean that the database
session would behave differently depending on what user invokes it.  And
since it's not widely known what settings have what permission, I'm afraid
it could be confusing.  On the other hand, superusers should know what
they're doing.

-- 
Peter Eisentraut   peter_e@gmx.net



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Syscaches should store negative entries, too
Next
From: Don Baccus
Date:
Subject: Re: A simpler way to configure the source code?