On 15/10/14 07:22, Stephen Frost wrote:

   First though, the new privileges, about which the bikeshedding can
   begin, short-and-sweet format:

   BACKUP:
     pg_start_backup()
     pg_stop_backup()
     pg_switch_xlog()
     pg_create_restore_point()

As others have commented, I too think this should support pg_dump.


   For posterity's sake, here's my review and comments on the various
   existing superuser checks in the backend (those not addressed above):

   CREATE EXTENSION
     This could be a role attribute as the others above, but I didn't
     want to try and include it in this patch as it has a lot of hairy
     parts, I expect.

Yeah it will, mainly because extensions can load modules and can have untrusted functions, we might want to limit which extensions are possible to create without being superuser.


   tcop/utility.c
     LOAD (load shared library)


This already somewhat handles non-superuser access. You can do LOAD as normal user as long as the library is in $libdir/plugins directory so it probably does not need separate role attribute (might be somehow useful in combination with CREATE EXTENSION though).


   commands/functioncmds.c
     create untrusted-language functions


I often needed more granularity there (plproxy).


   commands/functioncmds.c
     execute DO blocks with untrusted languages


I am not sure if this is significantly different from untrusted-language functions.


--
 Petr Jelinek                  http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services


--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to