Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag - Mailing list pgsql-hackers

From Drouvot, Bertrand
Subject Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag
Date
Msg-id c7096b14-b731-4f33-ac4c-85ba9046a3ef@gmail.com
Whole thread Raw
In response to Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag  (Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>)
Responses Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag
List pgsql-hackers
Hi,

On 10/5/23 2:21 PM, Bharath Rupireddy wrote:
> On Thu, Oct 5, 2023 at 12:22 PM Drouvot, Bertrand
> <bertranddrouvot.pg@gmail.com> wrote:
>>
> A comment on v6-0002:
> 1.
> +  CREATE ROLE nologrole with nologin;
> +  ALTER ROLE nologrole with superuser;
> +]);
> We don't need superuser privileges here, do we? Or do we need it for
> the worker_spi to access pg_catalog and stuff in worker_spi_main? If
> not, can we remove it to showcase non-superusers requesting bg
> workers?

superuser is not needed here.
I removed it but had to change it in v7 attached to:

+  CREATE ROLE nologrole with nologin;
+  GRANT CREATE ON DATABASE mydb TO nologrole;

To avoid things like:

"
2023-10-05 15:59:39.189 UTC [2830732] LOG:  worker_spi dynamic worker 13 initialized with schema13.counted
2023-10-05 15:59:39.191 UTC [2830732] ERROR:  permission denied for database mydb
2023-10-05 15:59:39.191 UTC [2830732] CONTEXT:  SQL statement "CREATE SCHEMA "schema13" CREATE TABLE "counted"
"

Regards,
  
-- 
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
Attachment

pgsql-hackers by date:

Previous
From: Julien Rouhaud
Date:
Subject: Re: Good News Everyone! + feature proposal
Next
From: Bharath Rupireddy
Date:
Subject: Re: Add a new BGWORKER_BYPASS_ROLELOGINCHECK flag