All, I want to revive this thread and continue to move these new role attributes forward.
In summary, the ultimate goal is to include new role attributes for common operations which currently require superuser privileges. Initially proposed were the following attributes: * BACKUP - allows role to perform backup operations * LOGROTATE - allows role to rotate log files * MONITOR - allows role to view pg_stat_* details * PROCSIGNAL - allows role to signal backend processes It seems that PROCSIGNAL and MONITOR were generally well received and probably don't warrant much more discussion at this point. However, based on previous discussions, there seemed to be some uncertainty on how to handle BACKUP and LOGROTATE. Concerns: * LOGROTATE - only associated with one function/operation. * BACKUP - perceived to be too broad of a permission as it it would provide the ability to run pg_start/stop_backend and the xlog related functions. It is general sentiment is that these should be handled as separate privileges. * BACKUP - preferred usage is with pg_dump to giving a user the ability to run pg_dump on the whole database without being superuser. Previous Recommendations: * LOGROTATE - Use OPERATOR - concern was expressed that this might be too general of an attribute for this purpose. Also, concern for privilege 'upgrades' as it includes more capabilities in later releases. * LOGROTATE - Use LOG_OPERATOR - generally accepted, but concern was raise for using extraneous descriptors such as '_OPERATOR' and '_ADMIN', etc. * BACKUP - Use WAL_CONTROL for pg_start/stop_backup - no major disagreement, though same concern regarding extraneous descriptors. * BACKUP - Use XLOG_OPERATOR for xlog operations - no major disagreement, though same concern regarding extraneous descriptors. * BACKUP - Use BACKUP for granting non-superuser ability to run pg_dump on whole database. Given the above and previous discussions: I'd like to propose the following new role attributes: BACKUP - allows role to perform pg_dump* backups of whole database. WAL - allows role to execute pg_start_backup/pg_stop_backup functions. XLOG - allows role to execute xlog operations. LOG - allows role to rotate log files - remains broad enough to consider future log related operations. MONITOR - allows role to view pg_stat_* details. PROCSIGNAL - allows role to signal backend processes. If these seem reasonable, then I'll begin updating the initial/current patch submitted. But in either case, feedback and suggestions are certainly welcome and appreciated. Thanks, Adam -- Adam Brightwell - adam.brightw...@crunchydatasolutions.com Database Engineer - www.crunchydatasolutions.com
