Greetings, * Isaac Morland (isaac.morl...@gmail.com) wrote: > On Tue, 2 Nov 2021 at 19:00, Vik Fearing <v...@postgresfriends.org> wrote: > > On 11/2/21 11:14 PM, Vik Fearing wrote: > > > > > This would be nice, but there is nothing to hang our hat on: > > > > > > GRANT CHECKPOINT TO username; > > > > Thinking about this more, why don't we just add CHECKPOINT and > > NOCHECKPOINT attributes to roles? > > > > ALTER ROLE username WITH CHECKPOINT; > > At present, this would require adding a field to pg_authid. This isn't very > scalable; but we're already creating new pg_* roles which give access to > various actions so I don't know why a role attribute would be a better > approach. If anything, I think it would be more likely to move in the other > direction: replace role attributes that in effect grant privileges with > predefined roles. I think this has already been discussed here in the > context of CREATEROLE.
Yes, much better to create predefined roles for this kind of thing and, ideally, move explicitly away from role attributes. Thanks, Stephen
signature.asc
Description: PGP signature
