On 15/10/14 07:22, Stephen Frost wrote:
First though, the new privileges, about which the bikeshedding can begin, short-and-sweet format: BACKUP: pg_start_backup() pg_stop_backup() pg_switch_xlog() pg_create_restore_point()
As others have commented, I too think this should support pg_dump.
For posterity's sake, here's my review and comments on the various existing superuser checks in the backend (those not addressed above): CREATE EXTENSION This could be a role attribute as the others above, but I didn't want to try and include it in this patch as it has a lot of hairy parts, I expect.
Yeah it will, mainly because extensions can load modules and can have untrusted functions, we might want to limit which extensions are possible to create without being superuser.
tcop/utility.c LOAD (load shared library)
This already somewhat handles non-superuser access. You can do LOAD as normal user as long as the library is in $libdir/plugins directory so it probably does not need separate role attribute (might be somehow useful in combination with CREATE EXTENSION though).
commands/functioncmds.c create untrusted-language functions
I often needed more granularity there (plproxy).
commands/functioncmds.c execute DO blocks with untrusted languages
I am not sure if this is significantly different from untrusted-language functions.
-- Petr Jelinek http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers