Home > mailing lists

Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag - Mailing list pgsql-hackers

From	Drouvot, Bertrand
Subject	Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag
Date	October 5, 2023 19:02:43
Msg-id	c7096b14-b731-4f33-ac4c-85ba9046a3ef@gmail.com Whole thread Raw
In response to	Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag (Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>)
Responses	Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag
List	pgsql-hackers

Tree view

Hi,

On 10/5/23 2:21 PM, Bharath Rupireddy wrote:
> On Thu, Oct 5, 2023 at 12:22 PM Drouvot, Bertrand
> <bertranddrouvot.pg@gmail.com> wrote:
>>
> A comment on v6-0002:
> 1.
> +  CREATE ROLE nologrole with nologin;
> +  ALTER ROLE nologrole with superuser;
> +]);
> We don't need superuser privileges here, do we? Or do we need it for
> the worker_spi to access pg_catalog and stuff in worker_spi_main? If
> not, can we remove it to showcase non-superusers requesting bg
> workers?

superuser is not needed here.
I removed it but had to change it in v7 attached to:

+  CREATE ROLE nologrole with nologin;
+  GRANT CREATE ON DATABASE mydb TO nologrole;

To avoid things like:

"
2023-10-05 15:59:39.189 UTC [2830732] LOG:  worker_spi dynamic worker 13 initialized with schema13.counted
2023-10-05 15:59:39.191 UTC [2830732] ERROR:  permission denied for database mydb
2023-10-05 15:59:39.191 UTC [2830732] CONTEXT:  SQL statement "CREATE SCHEMA "schema13" CREATE TABLE "counted"
"

Regards,
  
-- 
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com

Attachment

pgsql-hackers by date:

From: Julien Rouhaud
Date: 05 October 2023, 19:02:15
Subject: Re: Good News Everyone! + feature proposal

From: Bharath Rupireddy
Date: 05 October 2023, 19:23:33
Subject: Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag

Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag - Mailing list pgsql-hackers

Attachment

Previous

Next