Re: Getting rid of pg_pltemplate

Dimitri Fontaine <dimitri@2ndQuadrant.fr> writes:
> Tom Lane <tgl@sss.pgh.pa.us> writes:
>> We'll add a new boolean parameter to extension control files, called say
>> "dba_create" (ideas for better names welcome).  If it's missing or set
>> to false, there's no change in behavior.  When it's true, then
>> 
>> (a) you must be superuser or owner of the current database to create the
>> extension;
>> 
>> (b) the commands within the extension's script will be run as though by a
>> superuser, even if you aren't one.

> That's called sudo on linux.  I propose that we stick to such a name.

I'm not impressed with that name: it will mean nothing to Windows users,
nor for that matter to many non-sysadmin types on Unix.

> Do we want a more general SUDO facility in PostgreSQL?  It would be, I
> guess, about the same thing as SET ROLE postgres;

Yeah, I think SET ROLE already covers that territory.

The point of the current proposal is to grant a very limited subset of
superuser privileges --- specifically, the right to install specific
extensions --- to database owners.  Maybe it'd make sense to eliminate
the tie to database ownership and instead consider that you're allowed
to do this if you're a member of some predefined role, which then would
typically be GRANTed to database owners or other semi-trustworthy people.
But we don't currently have any predefined group roles like that, so
it'd be a rather large departure from past practice.
        regards, tom lane