On Thu, Mar 19, 2026 at 6:09 AM Peter Eisentraut <[email protected]> wrote:
> Here is a stalled project to implement ALTER SYSTEM READ ONLY: > > https://www.postgresql.org/message-id/flat/CAAJ_b97KZzdJsffwRK7w0XU5HnXkcgKgTR69t8cOZztsyXjkQw%40mail.gmail.com I think the scope of this request is much smaller than that one, so should be more doable. That one, IIUC, is more of a ALTER SYSTEM STOP_ALL_ACTIVITY_EVEN_WAL but we are looking for more of a "stop any overt changes to our data via any non-select command" while still allowing all sorts of background/maintenance activity to continue on. Basically, anything that would cause a pg_dump to be different. I'm a +1 to the cluster-wide change, and a -1 to the per-connection idea that started this thread, because I still don't see the need for it when we have an existing roles/permissions system that gets the job done. You want your untrusted agent to read from your database? Create a specific role for that. If our existing per-role access controls are not sufficient, improve them. Cheers, Greg
