* Robert Haas (robertmh...@gmail.com) wrote:
> On Sun, Apr 17, 2016 at 11:05 PM, Noah Misch wrote:
> > On Sun, Apr 17, 2016 at 08:04:03PM -0400, Noah Misch wrote:
> >> On Thu, Apr 07, 2016 at 03:50:47PM -0400, Stephen Frost wrote:
> >> > I'm planning to continue going over the patch tomorrow morni
On Sun, Apr 17, 2016 at 11:05 PM, Noah Misch wrote:
> On Sun, Apr 17, 2016 at 08:04:03PM -0400, Noah Misch wrote:
>> On Thu, Apr 07, 2016 at 03:50:47PM -0400, Stephen Frost wrote:
>> > I'm planning to continue going over the patch tomorrow morning with
>> > plans to push this before the feature fr
* Noah Misch (n...@leadboat.com) wrote:
> On Thu, Apr 07, 2016 at 03:50:47PM -0400, Stephen Frost wrote:
> > I'm planning to continue going over the patch tomorrow morning with
> > plans to push this before the feature freeze deadline.
>
> > --- a/src/test/regress/expected/rolenames.out
> > +++ b/
On Mon, Apr 18, 2016 at 12:05 PM, Noah Misch wrote:
> On Sun, Apr 17, 2016 at 08:04:03PM -0400, Noah Misch wrote:
>> On Thu, Apr 07, 2016 at 03:50:47PM -0400, Stephen Frost wrote:
>> > I'm planning to continue going over the patch tomorrow morning with
>> > plans to push this before the feature fr
On Sun, Apr 17, 2016 at 08:04:03PM -0400, Noah Misch wrote:
> On Thu, Apr 07, 2016 at 03:50:47PM -0400, Stephen Frost wrote:
> > I'm planning to continue going over the patch tomorrow morning with
> > plans to push this before the feature freeze deadline.
>
> > --- a/src/test/regress/expected/role
On Thu, Apr 07, 2016 at 03:50:47PM -0400, Stephen Frost wrote:
> I'm planning to continue going over the patch tomorrow morning with
> plans to push this before the feature freeze deadline.
> --- a/src/test/regress/expected/rolenames.out
> +++ b/src/test/regress/expected/rolenames.out
> +GRANT te
Noah, Fujii, all,
* Noah Misch (n...@leadboat.com) wrote:
> At the C level, have a pgstattuple function and a pgstattuple_v1_4 function.
> Let them differ only in that the former has a superuser check. Binary
> upgrades will use the former, and fresh CREATE EXTENSION shall use the latter.
Attach
On 04/07/2016 09:50 PM, Stephen Frost wrote:
Robert, José,
I've rebased this on top of master and added a few additional checks and
regression tests.
Applies and compiles cleanly, of course. Passes all 164 tests, too.
- make installcheck-world ok
- interdiff checked, nothing very surprising
*
Robert, José,
I've rebased this on top of master and added a few additional checks and
regression tests.
I'm planning to continue going over the patch tomorrow morning with
plans to push this before the feature freeze deadline.
Thanks!
Stephen
From a0724d91ffd1a93034d5b5d5df2b4ff54339d763 Mon S
Noah,
* Noah Misch (n...@leadboat.com) wrote:
> On Sun, Apr 03, 2016 at 10:27:02PM -0400, Stephen Frost wrote:
> > * Fujii Masao (masao.fu...@gmail.com) wrote:
> > > Currently only superusers can call pgstattuple().
> >
> > I started looking into this.
> >
> > If we were starting from a green fi
On Sun, Apr 03, 2016 at 10:27:02PM -0400, Stephen Frost wrote:
> * Fujii Masao (masao.fu...@gmail.com) wrote:
> > Currently only superusers can call pgstattuple().
>
> I started looking into this.
>
> If we were starting from a green field, the pg_dump dump catalog ACLs
> patch would work just fi
Fujii,
* Fujii Masao (masao.fu...@gmail.com) wrote:
> On Tue, Jul 14, 2015 at 3:46 AM, Stephen Frost wrote:
> > Possibly, but I'd need to look at them more closely than I have time to
> > right now. Can you provide a use-case? That would certainly help.
>
> I have seen the monitoring system wh
If this gets into 9.6, we give users another full release cycle to
ensure there are no reserved rolenames in use.
Then, I reckon that the additional roles/system-role-based fine-grained
authorization could go in for 9.7 without much trouble -- this is badly
needed, IMHO
Thank you, Stephen and
The following review has been posted through the commitfest application:
make installcheck-world: tested, passed
Implements feature: tested, passed
Spec compliant: tested, passed
Documentation:tested, passed
* Applies cleanly to current master (3063e7a84026ced2aadd2262
* Robert Haas (robertmh...@gmail.com) wrote:
> On Mon, Feb 29, 2016 at 10:02 PM, Stephen Frost wrote:
> > Attached is a stripped-down version of the default roles patch which
> > includes only the 'pg_signal_backend' default role. This provides the
> > framework and structure for other default ro
On Mon, Feb 29, 2016 at 10:02 PM, Stephen Frost wrote:
> Attached is a stripped-down version of the default roles patch which
> includes only the 'pg_signal_backend' default role. This provides the
> framework and structure for other default roles to be added and formally
> reserves the 'pg_' rol
All,
Attached is a stripped-down version of the default roles patch which
includes only the 'pg_signal_backend' default role. This provides the
framework and structure for other default roles to be added and formally
reserves the 'pg_' role namespace. This is split into two patches, the
first to
On Wed, Nov 18, 2015 at 5:36 AM, Stephen Frost wrote:
> Michael,
>
> * Michael Paquier (michael.paqu...@gmail.com) wrote:
>> Will there be any work on this patch for this commit fest or not? This
>> is being carried around for a couple of months now with not much
>> progress. This thread is idle f
Michael,
* Michael Paquier (michael.paqu...@gmail.com) wrote:
> Will there be any work on this patch for this commit fest or not? This
> is being carried around for a couple of months now with not much
> progress. This thread is idle for 4 months now.
This thread and the other one kind of merged.
Stephen,
On Tue, Jul 14, 2015 at 9:22 PM, Fujii Masao wrote:
>
> On Tue, Jul 14, 2015 at 3:46 AM, Stephen Frost wrote:
> > Fujii,
> >
> > * Fujii Masao (masao.fu...@gmail.com) wrote:
> >> he documents of the functions which the corresponding default roles
> >> are added by this patch need to be
On Tue, Jul 14, 2015 at 3:46 AM, Stephen Frost wrote:
> Fujii,
>
> * Fujii Masao (masao.fu...@gmail.com) wrote:
>> he documents of the functions which the corresponding default roles
>> are added by this patch need to be updated. For example, the description
>> of pg_xlog_replay_pause() says "Paus
Fujii,
* Fujii Masao (masao.fu...@gmail.com) wrote:
> he documents of the functions which the corresponding default roles
> are added by this patch need to be updated. For example, the description
> of pg_xlog_replay_pause() says "Pauses recovery immediately (restricted
> to superusers).". I think
On Wed, May 13, 2015 at 12:07 PM, Stephen Frost wrote:
> All,
>
> This patch gets smaller and smaller.
>
> Upon reflection I realized that, with default roles, it's entirely
> unnecssary to change how the permission checks happen today- we can
> simply add checks to them to be looking at role memb
Robert Haas writes:
> Now, if six people who are all well-known PostgreSQL contributors show
> up and they all say "I looked at the latest version of this carefully
> and I'm confident you've got it right", then go ahead: push it. But
> don't make the mistake of thinking that because you're confi
On Wed, May 13, 2015 at 11:50 AM, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
>> Yes: let's punt this to 9.6. The decisions you're making here are way
>> too significant to be making a couple of days before feature freeze,
>> and this patch has changed massively since it w
* Robert Haas (robertmh...@gmail.com) wrote:
> Yes: let's punt this to 9.6. The decisions you're making here are way
> too significant to be making a couple of days before feature freeze,
> and this patch has changed massively since it was first submitted.
> There isn't time now for people who wan
On Wed, May 13, 2015 at 10:16:39AM -0400, Robert Haas wrote:
> On Tue, May 12, 2015 at 11:07 PM, Stephen Frost wrote:
> > Thoughts? Comments? Suggestions?
>
> Yes: let's punt this to 9.6. The decisions you're making here are way
> too significant to be making a couple of days before feature fr
On Tue, May 12, 2015 at 11:07 PM, Stephen Frost wrote:
> Thoughts? Comments? Suggestions?
Yes: let's punt this to 9.6. The decisions you're making here are way
too significant to be making a couple of days before feature freeze,
and this patch has changed massively since it was first submitted
All,
* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> On 05/13/2015 06:07 AM, Stephen Frost wrote:
> >This does change the XLOG functions to require pg_monitor, as discussed
> >on the other thread where it was pointed out by Heikki that the XLOG
> >location information could be used to extract sens
* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> On 05/13/2015 06:07 AM, Stephen Frost wrote:
> >This does change the XLOG functions to require pg_monitor, as discussed
> >on the other thread where it was pointed out by Heikki that the XLOG
> >location information could be used to extract sensitive
On 05/13/2015 06:07 AM, Stephen Frost wrote:
This does change the XLOG functions to require pg_monitor, as discussed
on the other thread where it was pointed out by Heikki that the XLOG
location information could be used to extract sensitive information
based on what happens during compression.
All,
This patch gets smaller and smaller.
Upon reflection I realized that, with default roles, it's entirely
unnecssary to change how the permission checks happen today- we can
simply add checks to them to be looking at role membership also. That's
removed the last of my concerns regarding any A
All,
* Stephen Frost (sfr...@snowman.net) wrote:
> Starting a new thread, as suggested by Robert, for consideration of
> adding default roles for sets of administrative functions, therefore
> removing the need for superuser-level roles in many use-cases.
[...]
> This is part 2 and really the "gu
All,
Starting a new thread, as suggested by Robert, for consideration of
adding default roles for sets of administrative functions, therefore
removing the need for superuser-level roles in many use-cases.
This reserves the prefix 'pg_' as being for default roles.
Having these default roles also
34 matches
Mail list logo
