Tomas Vondra <t...@fuzzy.cz> writes: > On 19.12.2012 07:34, Magnus Hagander wrote: >> Granting executability on pg_read_xyz is pretty darn close to granting >> superuser, without explicitly asking for it. Well, you get "read only >> superuser". If we want to make that step as easy as just GRANT, we >> really need to write some *very* strong warnings in the documentation >> so that people realize this. I doubt most people will realize it >> unless we do that (and those who don't read the docs, whch is probably >> a majority, never will).
> Yup, that's what I meant by possibility to perform "additional parameter > values checks" ;-) Yeah, which is easily done if you've written a wrapper function and not so easily otherwise. Between that and the point about how pg_dump wouldn't preserve GRANTs done directly on system functions, I think this proposal isn't going anywhere anytime soon. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers