On Mon, Sep 19, 2016 at 12:02 AM, David Fetter <da...@fetter.org> wrote: >> - The claim in the documentation that only superusers can do things >> with this module is not generally correct. > > I think that the claims are fixed. This is SUSET, at least in this > patch, because anything short of that that changes query behavior > seems incautious.
Uggh, I disagree strongly with that, as do lots of existing GUCs. I think it's for the superuser to decide whether this should be enabled by default (e.g. by setting it in postgresql.conf) and for individual users to decide whether they want to override the superuser's decision for particular sessions. Therefore, I think this should be PGC_USERSET. I think PGC_SUSET GUCs are pretty annoying, and we should have a really compelling reason why it's not OK for users to change the value of a setting before resorting to PGC_SUSET. For example, log_duration is PGC_SUSET and that makes sense because the log is "owned" by the administrator, not the individual user. But work_mem, for example, changes query behavior and that is PGC_USERSET. I think that's right. We have talked before about wanting a system that restricts the values to which users can legally set values which they are in principle allowed to change, and someday we might have that. In the meantime, letting regular users change settings that they don't like is, in general, a feature, not a bug. Someone who feels otherwise can, of course, hack up their own version of this module. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers