Hi Tom, On Thu, 7 Sept 2023 at 22:27, Tom Lane <[email protected]> wrote:
> Gabriele Bartolini <[email protected]> writes: > > I would like to propose a patch that allows administrators to disable > > `ALTER SYSTEM` via either a runt-time option to pass to the Postgres > server > > process at startup (e.g. `--disable-alter-system=true`, false by default) > > or a new GUC (or even both), without changing the current default method > of > > the server. > > ALTER SYSTEM is already heavily restricted. Could you please help me better understand what you mean here? > I don't think we need random kluges added to the permissions system. If you allow me, why do you think disabling ALTER SYSTEM altogether is a random kluge? Again, I'd like to better understand this position. I've personally been in many conversations on the security side of things for Postgres in Kubernetes environments, and this is a frequent concern by users who request that changes to the Postgres system (not a database) should only be done declaratively and prevented from within the system. Thanks, Gabriele -- Gabriele Bartolini Vice President, Cloud Native at EDB enterprisedb.com
