Re: Granting SET and ALTER SYSTE privileges for GUCs
| От | Mark Dilger |
|---|---|
| Тема | Re: Granting SET and ALTER SYSTE privileges for GUCs |
| Дата | |
| Msg-id | 9F2C67AB-D357-4353-8172-E82E54A52107@enterprisedb.com обсуждение исходный текст |
| Ответ на | Re: Granting SET and ALTER SYSTE privileges for GUCs (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
> On Nov 16, 2021, at 2:12 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > The question is why you need pg_config_param at all, then. > AFAICS it just adds maintenance complexity we could do without. > I think we'd be better off with a catalog modeled on the design of > pg_db_role_setting, which would have entries for roles and lists > of GUC names that those roles could set. Originally, I was trying to have dependency linkage between two proper types of objects, so that DROP ROLE and DROP CONFIGURATIONPARAMETER would behave as expected, complaining about privileges remaining rather than dropping an object andleaving a dangling reference. I've deleted the whole CREATE CONFIGURATION PARAMETER and DROP CONFIGURATION PARAMETER syntax and implementation, but itstill seems odd to me that: CREATE ROLE somebody; GRANT SELECT ON TABLE sometable TO ROLE somebody; GRANT ALTER SYSTEM ON someguc TO ROLE somebody; DROP ROLE somebody; ERROR: role "somebody" cannot be dropped because some objects depend on it DETAIL: privileges for table sometable would not mention privileges for "someguc" as well. That's why I want configuration parameters to be proper objects withOIDs and with entries in pg_depend and/or pg_shdepend. Maybe there is some better way to do it, but that's why I'vebeen doing this. — Mark Dilger EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: