> On Jul 5, 2021, at 1:50 AM, Andrey Borodin <x4...@yandex-team.ru> wrote:
>
> I'm not sure, but maybe we should allow replication role to change
> session_replication_role?
Thanks, Andrey, for taking a look.
Yes, there is certainly some logic to that suggestion. The patch v4-0005 only
delegates authority to perform ALTER SYSTEM SET to three roles:
pg_database_security, pg_network_security, and pg_host_security. I don't mind
expanding this list to include the replication attribute, but I am curious
about opinions on the general design. There may be an advantage in keeping the
list short. In particular, as the list gets longer, will it get harder to
decide which role to associate with each new GUC that gets added? For
third-party extensions, will it be harder for them to decide in any principled
way which role to assign to each GUC that they add? There are multiple ways to
cut up the set of all GUCs. database/host/network is not an entirely clean
distinction, and perhaps database/host/network/replication is better, but I'm
uncertain.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company