On Mon, 2005-12-12 at 16:35 -0600, Jim C. Nasby wrote: > On Mon, Dec 12, 2005 at 05:27:33PM -0500, Andrew Dunstan wrote: > > >On Mon, Dec 12, 2005 at 05:00:45PM -0500, Tom Lane wrote: > > > > > > > > >>"Jim C. Nasby" <[EMAIL PROTECTED]> writes: > > >> > > >> > > >>>I'd love to see something like SUDO ALTER USER ... SUDO REINDEX ... etc. > > >>>That would make it easy to do 'normal' work with a non-superuser > > >>>account. > > >>> > > >>> > > >>You can already do most of this with SET/RESET ROLE: > > >> > > >> > > > > > >Very cool, I didn't realize that. It would still be nice if there was a > > >way to do it on a per-command basis (since often you just need to run > > >one command as admin/dba/what-have-you), but I suspect adding that to > > >the grammar would be a real PITA. Perhapse it could be added to psql > > >though... > > > > If it's one command can't you wrap it in a security definer function? > > Sure, if it's a command you'll be using over and over. Which I guess > some are, but it's still a pain.
> Maybe what I'm asking for will only make sense to people who use sudo... Having a set of fine-grained permissions that you could grant to roles could be useful. A sudo equivalent would be a version of psql that always connected to the database using super-user and allowed command execution based on a regular expression. Bit of a hack to say the least. -- ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
