Re: [HACKERS] Additional role attributes && superuser review

2016-02-20 Thread Noah Misch
On Wed, Feb 03, 2016 at 01:44:28PM -0500, Robert Haas wrote: > On Thu, Jan 28, 2016 at 4:37 PM, Stephen Frost wrote: > > pg_monitor > > > > Allows roles granted more information from pg_stat_activity. Can't be > > just a regular non-default-role right as we don't,

Re: [HACKERS] Additional role attributes && superuser review

2016-02-03 Thread Robert Haas
On Thu, Jan 28, 2016 at 4:37 PM, Stephen Frost wrote: > pg_monitor > > Allows roles granted more information from pg_stat_activity. Can't be > just a regular non-default-role right as we don't, currently, have a > way to say "filter out the values of certain columns on

Re: [HACKERS] Additional role attributes && superuser review

2016-01-31 Thread Michael Paquier
On Sun, Jan 31, 2016 at 7:55 AM, Michael Paquier wrote: > On Sun, Jan 31, 2016 at 5:32 AM, Craig Ringer wrote: >> On 29 January 2016 at 22:41, Stephen Frost wrote: >>> >>> Michael, >>> >>> * Michael Paquier

Re: [HACKERS] Additional role attributes && superuser review

2016-01-30 Thread Craig Ringer
On 29 January 2016 at 22:41, Stephen Frost wrote: > Michael, > > * Michael Paquier (michael.paqu...@gmail.com) wrote: > > On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost > wrote: > > > * Robert Haas (robertmh...@gmail.com) wrote: > > >> On Thu, Jan 28,

Re: [HACKERS] Additional role attributes && superuser review

2016-01-30 Thread Michael Paquier
On Sun, Jan 31, 2016 at 5:32 AM, Craig Ringer wrote: > On 29 January 2016 at 22:41, Stephen Frost wrote: >> >> Michael, >> >> * Michael Paquier (michael.paqu...@gmail.com) wrote: >> > On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost

Re: [HACKERS] Additional role attributes && superuser review

2016-01-29 Thread Stephen Frost
Michael, * Michael Paquier (michael.paqu...@gmail.com) wrote: > On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost wrote: > > * Robert Haas (robertmh...@gmail.com) wrote: > >> On Thu, Jan 28, 2016 at 11:04 AM, Stephen Frost > wrote: > >> > Personally, I don't

Re: [HACKERS] Additional role attributes && superuser review

2016-01-29 Thread Michael Paquier
On Fri, Jan 29, 2016 at 11:41 PM, Stephen Frost wrote: > Michael, > > * Michael Paquier (michael.paqu...@gmail.com) wrote: >> On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost wrote: >> > * Robert Haas (robertmh...@gmail.com) wrote: >> >> On Thu, Jan 28, 2016

Re: [HACKERS] Additional role attributes && superuser review

2016-01-28 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Sun, Jan 17, 2016 at 6:58 PM, Stephen Frost wrote: > > I'm not against that idea, though I continue to feel that there are > > common sets of privileges which backup tools could leverage. > > > > The other issue that I'm

Re: [HACKERS] Additional role attributes && superuser review

2016-01-28 Thread Robert Haas
On Thu, Jan 28, 2016 at 11:04 AM, Stephen Frost wrote: >> So, this seems like a case where a built-in role would be >> well-justified. I don't really believe in built-in roles as a way of >> bundling related permissions; I know you do, but I don't. I'd rather >> see the

Re: [HACKERS] Additional role attributes && superuser review

2016-01-28 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Thu, Jan 28, 2016 at 11:04 AM, Stephen Frost wrote: > >> So, this seems like a case where a built-in role would be > >> well-justified. I don't really believe in built-in roles as a way of > >> bundling related permissions; I

Re: [HACKERS] Additional role attributes && superuser review

2016-01-28 Thread Michael Paquier
On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost wrote: > * Robert Haas (robertmh...@gmail.com) wrote: >> On Thu, Jan 28, 2016 at 11:04 AM, Stephen Frost wrote: >> > Personally, I don't have any particular issue having both, but the >> > desire was stated

Re: [HACKERS] Additional role attributes && superuser review

2016-01-19 Thread David Steele
On 1/17/16 9:10 PM, Stephen Frost wrote: > but if it's possible to do a backup without > being a superuser and with only read access to the data directory, I > would expect every backup solution to view that as a feature which they > want to support, as there are environments which will find it

Re: [HACKERS] Additional role attributes && superuser review

2016-01-18 Thread Robert Haas
On Sun, Jan 17, 2016 at 6:58 PM, Stephen Frost wrote: > I'm not against that idea, though I continue to feel that there are > common sets of privileges which backup tools could leverage. > > The other issue that I'm running into, again, while considering how to > move back to

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Bruce Momjian
On Wed, Jan 6, 2016 at 12:29:14PM -0500, Robert Haas wrote: > The point is that with the GRANT EXECUTE ON FUNCTION proposal, authors > of monitoring tools enjoy various really noteworthy advantages. They > can have monitoring roles which have *exactly* the privileges that > their tool needs, not

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Stephen Frost
* Bruce Momjian (br...@momjian.us) wrote: > On Mon, Jan 4, 2016 at 12:55:16PM -0500, Stephen Frost wrote: > > I'd like to be able to include, in both of those, a simple set of > > instructions for granting the necessary rights to the user who is > > running those processes. A set of rights which

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Stephen Frost
* Bruce Momjian (br...@momjian.us) wrote: > On Sun, Jan 17, 2016 at 01:49:19PM -0500, Stephen Frost wrote: > > * Bruce Momjian (br...@momjian.us) wrote: > > > > pgbackrest: > > > > > > > > To run pgbackrest as a non-superuser and not the 'postgres' system > > > > user, grant the pg_backup

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Bruce Momjian
On Mon, Jan 4, 2016 at 12:55:16PM -0500, Stephen Frost wrote: > I'd like to be able to include, in both of those, a simple set of > instructions for granting the necessary rights to the user who is > running those processes. A set of rights which an administrator can go > look up and easily read

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Bruce Momjian
On Sun, Jan 17, 2016 at 01:49:19PM -0500, Stephen Frost wrote: > * Bruce Momjian (br...@momjian.us) wrote: > > > pgbackrest: > > > > > > To run pgbackrest as a non-superuser and not the 'postgres' system > > > user, grant the pg_backup role to the backrest user and ensure the > > > backrest

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Bruce Momjian
On Sun, Jan 17, 2016 at 01:57:22PM -0500, Stephen Frost wrote: > Right, we also check in the backend on startup for certain permissions. > I don't recall offhand if that's forced to 700 or if we allow 750. > > > > I don't recall offhand if that means we'd have to make changes to allow > > > that,

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Bruce Momjian
On Sun, Jan 17, 2016 at 06:58:25PM -0500, Stephen Frost wrote: > I'm not against that idea, though I continue to feel that there are > common sets of privileges which backup tools could leverage. > > The other issue that I'm running into, again, while considering how to > move back to ACL-based

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Stephen Frost
* Bruce Momjian (br...@momjian.us) wrote: > On Wed, Jan 6, 2016 at 12:29:14PM -0500, Robert Haas wrote: > > The point is that with the GRANT EXECUTE ON FUNCTION proposal, authors > > of monitoring tools enjoy various really noteworthy advantages. They > > can have monitoring roles which have

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Stephen Frost
Bruce, * Bruce Momjian (br...@momjian.us) wrote: > On Sun, Jan 17, 2016 at 01:57:22PM -0500, Stephen Frost wrote: > > Right, we also check in the backend on startup for certain permissions. > > I don't recall offhand if that's forced to 700 or if we allow 750. > > > > > > I don't recall offhand

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Stephen Frost
* Bruce Momjian (br...@momjian.us) wrote: > On Sun, Jan 17, 2016 at 06:58:25PM -0500, Stephen Frost wrote: > > I'm not against that idea, though I continue to feel that there are > > common sets of privileges which backup tools could leverage. > > > > The other issue that I'm running into, again,

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Bruce Momjian
On Sun, Jan 17, 2016 at 09:10:23PM -0500, Stephen Frost wrote: > > While the group owner of the directory is a distributions question, the > > permissions are usually a backup-method-specific requirement. I can see > > us creating an SQL function that opens up group permissions on the data > >

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Stephen Frost
* Bruce Momjian (br...@momjian.us) wrote: > On Sun, Jan 17, 2016 at 09:10:23PM -0500, Stephen Frost wrote: > > > While the group owner of the directory is a distributions question, the > > > permissions are usually a backup-method-specific requirement. I can see > > > us creating an SQL function

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Bruce Momjian
On Sun, Jan 17, 2016 at 09:23:14PM -0500, Stephen Frost wrote: > > > Group ownership and permissions aren't a backup-method-specific > > > requirement either, in my view. I'm happy to chat with Marco (who has > > > said he would be weighing in on this thread when he is able to) > > > regarding

Re: [HACKERS] Additional role attributes && superuser review

2016-01-17 Thread Stephen Frost
* Bruce Momjian (br...@momjian.us) wrote: > On Sun, Jan 17, 2016 at 09:23:14PM -0500, Stephen Frost wrote: > > > > Group ownership and permissions aren't a backup-method-specific > > > > requirement either, in my view. I'm happy to chat with Marco (who has > > > > said he would be weighing in on

Re: [HACKERS] Additional role attributes && superuser review

2016-01-06 Thread Stephen Frost
Robert, Noah, I just wanted to start off by saying thank you for taking the time to read and comment with your thoughts on this concept. I was a bit frustrated about it feeling rather late, but appreciate the comments which have been made as they've certainly been constructive. * Robert Haas

Re: [HACKERS] Additional role attributes && superuser review

2016-01-06 Thread Robert Haas
On Wed, Jan 6, 2016 at 11:13 AM, Stephen Frost wrote: > I just wanted to start off by saying thank you for taking the time to read > and comment with your thoughts on this concept. I was a bit frustrated > about it feeling rather late, but appreciate the comments which have >

Re: [HACKERS] Additional role attributes && superuser review

2016-01-05 Thread Noah Misch
On Mon, Jan 04, 2016 at 12:55:16PM -0500, Stephen Frost wrote: > * Noah Misch (n...@leadboat.com) wrote: > > On Tue, Dec 29, 2015 at 08:35:50AM -0500, Stephen Frost wrote: > I'm approaching this largely from a 3rd-party application perspective. > There are two examples off-hand which I'm

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Stephen Frost
* Michael Paquier (michael.paqu...@gmail.com) wrote: > On Thu, Dec 31, 2015 at 4:26 PM, Noah Misch wrote: > > The proposed pg_replication role introduces abstraction that could, as you > > hope, spare a DBA from studying sets of functions to grant together. The > >

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Tue, Dec 29, 2015 at 5:35 AM, Stephen Frost wrote: > > * Noah Misch (n...@leadboat.com) wrote: > >> > Updated patch attached. I'll give it another good look and then commit > >> > it, barring objections. > >> > >> This thread

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Robert Haas
On Mon, Jan 4, 2016 at 12:55 PM, Stephen Frost wrote: > I'd like to be able to include, in both of those, a simple set of > instructions for granting the necessary rights to the user who is > running those processes. A set of rights which an administrator can go > look up and

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Robert Haas
On Mon, Jan 4, 2016 at 4:56 PM, Stephen Frost wrote: >> First, it's not really going to matter to users very much whether the >> command to enable one of these features is a single GRANT command or a >> short sequence of GRANT commands executed one after another. So even >>

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Mon, Jan 4, 2016 at 12:55 PM, Stephen Frost wrote: > > I'd like to be able to include, in both of those, a simple set of > > instructions for granting the necessary rights to the user who is > > running those processes. A set

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Robert Haas
On Mon, Jan 4, 2016 at 5:22 PM, Stephen Frost wrote: >> So, is this another case where the support is all in off-list fora and >> thus invisible, or can you point to specific on-list discussions where >> it was supported, and to the opinions offered in support? I don't >>

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Robert Haas
On Mon, Jan 4, 2016 at 3:07 PM, Stephen Frost wrote: > I'm not sure it's entirely relevant now- I've outlined the reasoning in > my email to Noah as a, hopefully, pretty comprehensive summary. If that > doesn't sway your minds then it seems unlikely that a reference to a >

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Mon, Jan 4, 2016 at 3:07 PM, Stephen Frost wrote: > > I'm not sure it's entirely relevant now- I've outlined the reasoning in > > my email to Noah as a, hopefully, pretty comprehensive summary. If that > > doesn't sway your

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Alvaro Herrera
Based on the feedback here, I have returned this patch to Needs Review status. (Waiting on Author would be fairer actually, since we are waiting for an updated version.) As far as I can make it from Noah and Robert's comments, what we would like to see here is a way for pg_dump to output

Re: [HACKERS] Additional role attributes && superuser review

2016-01-04 Thread Stephen Frost
Noah, * Noah Misch (n...@leadboat.com) wrote: > On Tue, Dec 29, 2015 at 08:35:50AM -0500, Stephen Frost wrote: > > * Noah Misch (n...@leadboat.com) wrote: > > > The one argument which you've put forth for adding the complexity of > > dumping catalog ACLs is that we might reduce the number of

Re: [HACKERS] Additional role attributes && superuser review

2016-01-03 Thread Stephen Frost
* Michael Paquier (michael.paqu...@gmail.com) wrote: > On Tue, Dec 29, 2015 at 11:55 PM, Stephen Frost wrote: > > I could go either way on that, really. I don't find namespace to be > > confusing when used in that way, but I'll change it since others do. > > It seems to me

Re: [HACKERS] Additional role attributes && superuser review

2016-01-03 Thread Michael Paquier
On Thu, Dec 31, 2015 at 4:26 PM, Noah Misch wrote: > On Tue, Dec 29, 2015 at 08:35:50AM -0500, Stephen Frost wrote: >> * Noah Misch (n...@leadboat.com) wrote: >> I disagree that we would. Having a single >> set of default roles which provide a sensible breakdown of permissions

Re: [HACKERS] Additional role attributes && superuser review

2015-12-30 Thread Noah Misch
On Tue, Dec 29, 2015 at 08:35:50AM -0500, Stephen Frost wrote: > * Noah Misch (n...@leadboat.com) wrote: > The one argument which you've put forth for adding the complexity of > dumping catalog ACLs is that we might reduce the number of default > roles provided to the user. Right. If "GRANT

Re: [HACKERS] Additional role attributes && superuser review

2015-12-30 Thread Robert Haas
On Tue, Dec 29, 2015 at 5:35 AM, Stephen Frost wrote: > * Noah Misch (n...@leadboat.com) wrote: >> > Updated patch attached. I'll give it another good look and then commit >> > it, barring objections. >> >> This thread and its satellite[1] have worked their way through a few

Re: [HACKERS] Additional role attributes && superuser review

2015-12-30 Thread Michael Paquier
On Thu, Dec 31, 2015 at 1:50 AM, Robert Haas wrote: > Under those circumstances, it seems very dubious to proceed > with this. Michael seems to think that we can go ahead and start > changing things and sort out whatever is broken later, but that > doesn't sound like a

Re: [HACKERS] Additional role attributes && superuser review

2015-12-29 Thread Michael Paquier
On Tue, Dec 29, 2015 at 11:55 PM, Stephen Frost wrote: > I could go either way on that, really. I don't find namespace to be > confusing when used in that way, but I'll change it since others do. It seems to me that the way patch does it is fine.. -- Michael

Re: [HACKERS] Additional role attributes && superuser review

2015-12-29 Thread Stephen Frost
Amit, * Amit Langote (langote_amit...@lab.ntt.co.jp) wrote: > On 2015/12/23 7:23, Stephen Frost wrote: > > Updated patch attached. I'll give it another good look and then commit > > it, barring objections. > > Just a minor nitpick about a code comment - > > /* > + * Check that the

Re: [HACKERS] Additional role attributes && superuser review

2015-12-29 Thread Stephen Frost
Noah, * Noah Misch (n...@leadboat.com) wrote: > > Updated patch attached. I'll give it another good look and then commit > > it, barring objections. > > This thread and its satellite[1] have worked their way through a few designs. > At first, it was adding role attributes, alongside existing

Re: [HACKERS] Additional role attributes && superuser review

2015-12-23 Thread Noah Misch
On Tue, Dec 22, 2015 at 05:23:47PM -0500, Stephen Frost wrote: > > >> On Tue, Dec 22, 2015 at 1:41 AM, Stephen Frost > > >> wrote: > > >>> Updated and rebased patch attached which takes the 'pg_switch_xlog' > > >>> default role back out, leaving us with: > > >>> > > >>>

Re: [HACKERS] Additional role attributes && superuser review

2015-12-23 Thread Amit Langote
Hi, On 2015/12/23 7:23, Stephen Frost wrote: > Updated patch attached. I'll give it another good look and then commit > it, barring objections. Just a minor nitpick about a code comment - /* + * Check that the user is not trying to create a role in the reserved + * "pg_"

Re: [HACKERS] Additional role attributes && superuser review

2015-12-22 Thread Stephen Frost
* Michael Paquier (michael.paqu...@gmail.com) wrote: > On Tue, Dec 22, 2015 at 2:54 PM, Amit Langote > wrote: > > On 2015/12/22 14:05, Michael Paquier wrote: > >> On Tue, Dec 22, 2015 at 1:41 AM, Stephen Frost wrote: > >>> Updated and rebased

Re: [HACKERS] Additional role attributes && superuser review

2015-12-21 Thread Michael Paquier
On Tue, Dec 22, 2015 at 1:41 AM, Stephen Frost wrote: > Updated and rebased patch attached which takes the 'pg_switch_xlog' > default role back out, leaving us with: > > pg_monitor - View privileged info > pg_backup - start/stop backups, switch xlog, create restore points >

Re: [HACKERS] Additional role attributes && superuser review

2015-12-21 Thread Michael Paquier
On Tue, Dec 22, 2015 at 2:54 PM, Amit Langote wrote: > On 2015/12/22 14:05, Michael Paquier wrote: >> On Tue, Dec 22, 2015 at 1:41 AM, Stephen Frost wrote: >>> Updated and rebased patch attached which takes the 'pg_switch_xlog' >>> default role

Re: [HACKERS] Additional role attributes && superuser review

2015-12-21 Thread Amit Langote
On 2015/12/22 14:05, Michael Paquier wrote: > On Tue, Dec 22, 2015 at 1:41 AM, Stephen Frost wrote: >> Updated and rebased patch attached which takes the 'pg_switch_xlog' >> default role back out, leaving us with: >> >> pg_monitor - View privileged info >> pg_backup -

Re: [HACKERS] Additional role attributes && superuser review

2015-12-21 Thread Stephen Frost
Michael, all, * Michael Paquier (michael.paqu...@gmail.com) wrote: > OK, let's do so then by having this one fall under pg_backup. Let's > not let my grunting concerns be an obstacle for this patch, and we > could still change it afterwards in this release beta cycle anyway > based on user

Re: [HACKERS] Additional role attributes && superuser review

2015-12-20 Thread Michael Paquier
On Tue, Dec 1, 2015 at 9:18 AM, Michael Paquier wrote: > On Tue, Dec 1, 2015 at 3:32 AM, Stephen Frost wrote: >> * Robert Haas (robertmh...@gmail.com) wrote: >>> On Fri, Nov 20, 2015 at 12:29 PM, Stephen Frost wrote: >>> > *

Re: [HACKERS] Additional role attributes && superuser review

2015-12-20 Thread Stephen Frost
Michael, * Michael Paquier (michael.paqu...@gmail.com) wrote: > On Tue, Dec 1, 2015 at 9:18 AM, Michael Paquier > wrote: > > OK, let's do so then by having this one fall under pg_backup. Let's > > not let my grunting concerns be an obstacle for this patch, and we > >

Re: [HACKERS] Additional role attributes && superuser review

2015-11-30 Thread Stephen Frost
* Robert Haas (robertmh...@gmail.com) wrote: > On Fri, Nov 20, 2015 at 12:29 PM, Stephen Frost wrote: > > * Michael Paquier (michael.paqu...@gmail.com) wrote: > >> On Thu, Nov 19, 2015 at 7:10 AM, Stephen Frost wrote: > >> > * Michael Paquier (michael.paqu...@gmail.com) wrote:

Re: [HACKERS] Additional role attributes && superuser review

2015-11-30 Thread Robert Haas
On Fri, Nov 20, 2015 at 12:29 PM, Stephen Frost wrote: > * Michael Paquier (michael.paqu...@gmail.com) wrote: >> On Thu, Nov 19, 2015 at 7:10 AM, Stephen Frost wrote: >> > * Michael Paquier (michael.paqu...@gmail.com) wrote: >> >> It seems weird to not have a dedicated role

Re: [HACKERS] Additional role attributes && superuser review

2015-11-30 Thread Alvaro Herrera
Stephen Frost wrote: > * Robert Haas (robertmh...@gmail.com) wrote: > > > I can think of a use-case for a user who can call pg_switch_xlog, but > > > not pg_start_backup()/pg_stop_backup(), but I have to admit that it > > > seems rather limited and I'm on the fence about it being a worthwhile > >

Re: [HACKERS] Additional role attributes && superuser review

2015-11-30 Thread Michael Paquier
On Tue, Dec 1, 2015 at 3:32 AM, Stephen Frost wrote: > * Robert Haas (robertmh...@gmail.com) wrote: >> On Fri, Nov 20, 2015 at 12:29 PM, Stephen Frost wrote: >> > * Michael Paquier (michael.paqu...@gmail.com) wrote: >> >> On Thu, Nov 19, 2015 at 7:10 AM,

Re: [HACKERS] Additional role attributes && superuser review

2015-11-24 Thread Alvaro Herrera
Stephen Frost wrote: > Even so, in the interest of having more fine-grained permission > controls, I've gone ahead and added a pg_switch_xlog default role. > Note that this means that pg_switch_xlog() can be called by both > pg_switch_xlog roles and pg_backup roles. I'd be very much against >

Re: [HACKERS] Additional role attributes && superuser review

2015-11-24 Thread Stephen Frost
On Tuesday, November 24, 2015, Alvaro Herrera wrote: > Stephen Frost wrote: > > > Even so, in the interest of having more fine-grained permission > > controls, I've gone ahead and added a pg_switch_xlog default role. > > Note that this means that pg_switch_xlog() can be

Re: [HACKERS] Additional role attributes && superuser review

2015-11-24 Thread Stephen Frost
Michael, * Michael Paquier (michael.paqu...@gmail.com) wrote: > On Sat, Nov 21, 2015 at 2:29 AM, Stephen Frost wrote: > > * Michael Paquier (michael.paqu...@gmail.com) wrote: > > Even so, in the interest of having more fine-grained permission > > controls, I've gone ahead and

Re: [HACKERS] Additional role attributes && superuser review

2015-11-21 Thread Michael Paquier
On Sat, Nov 21, 2015 at 2:29 AM, Stephen Frost wrote: > * Michael Paquier (michael.paqu...@gmail.com) wrote: > Even so, in the interest of having more fine-grained permission > controls, I've gone ahead and added a pg_switch_xlog default role. > Note that this means that

Re: [HACKERS] Additional role attributes && superuser review

2015-11-20 Thread Stephen Frost
* Michael Paquier (michael.paqu...@gmail.com) wrote: > On Thu, Nov 19, 2015 at 7:10 AM, Stephen Frost wrote: > > * Michael Paquier (michael.paqu...@gmail.com) wrote: > >> It seems weird to not have a dedicated role for pg_switch_xlog. > > > > I didn't add a pg_switch_xlog default role in this

Re: [HACKERS] Additional role attributes && superuser review

2015-11-19 Thread David Steele
On 11/19/15 2:13 AM, Michael Paquier wrote: > On Thu, Nov 19, 2015 at 7:10 AM, Stephen Frost wrote: >> * Michael Paquier (michael.paqu...@gmail.com) wrote: >>> It seems weird to not have a dedicated role for pg_switch_xlog. >> >> I didn't add a pg_switch_xlog default role in this patch series, but

Re: [HACKERS] Additional role attributes && superuser review

2015-11-18 Thread Michael Paquier
On Wed, Nov 18, 2015 at 10:06 PM, Michael Paquier wrote: > > > On Wed, Sep 30, 2015 at 8:11 PM, Stephen Frost wrote: > > * Heikki Linnakangas (hlinn...@iki.fi) wrote: > >> I agree with Robert's earlier point that this needs to be split into > >>

Re: [HACKERS] Additional role attributes && superuser review

2015-11-18 Thread Michael Paquier
On Wed, Sep 30, 2015 at 8:11 PM, Stephen Frost wrote: > * Heikki Linnakangas (hlinn...@iki.fi) wrote: >> I agree with Robert's earlier point that this needs to be split into >> multiple patches, which can then be reviewed and discussed >> separately. Pending that, I'm going to

Re: [HACKERS] Additional role attributes && superuser review

2015-11-18 Thread Stephen Frost
Michael, Thanks for the review! * Michael Paquier (michael.paqu...@gmail.com) wrote: > Patch needs a rebase, some catalog OIDs and there was a conflict in misc.c > (see attached for the rebase. none of the comments mentioning issues are > fixed by it). Done (did it a bit differently from what

Re: [HACKERS] Additional role attributes && superuser review

2015-11-18 Thread Michael Paquier
On Thu, Nov 19, 2015 at 7:10 AM, Stephen Frost wrote: > * Michael Paquier (michael.paqu...@gmail.com) wrote: >> It seems weird to not have a dedicated role for pg_switch_xlog. > > I didn't add a pg_switch_xlog default role in this patch series, but > would be happy to do so if that's the

Re: [HACKERS] Additional role attributes && superuser review

2015-09-30 Thread Stephen Frost
* Heikki Linnakangas (hlinn...@iki.fi) wrote: > I agree with Robert's earlier point that this needs to be split into > multiple patches, which can then be reviewed and discussed > separately. Pending that, I'm going to mark this as "Waiting on > author" in the commitfest. Attached is an initial

Re: [HACKERS] Additional role attributes superuser review

2015-08-25 Thread Michael Paquier
On Sat, Jul 11, 2015 at 6:06 AM, Heikki Linnakangas wrote: On 05/08/2015 07:35 AM, Stephen Frost wrote: In consideration of the fact that you can't create schemas which start with pg_ and therefore the default search_path wouldn't work for that user, and that we also reserve pg_ for

Re: [HACKERS] Additional role attributes superuser review

2015-07-10 Thread Heikki Linnakangas
On 05/08/2015 07:35 AM, Stephen Frost wrote: Gavin, * Gavin Flower (gavinflo...@archidevsys.co.nz) wrote: What if I had a company with several subsidiaries using the same database, and want to prefix roles and other things with the subsidiary's initials? (I am not saying this would be a good

Re: [HACKERS] Additional role attributes superuser review

2015-05-07 Thread Stephen Frost
Gavin, * Gavin Flower (gavinflo...@archidevsys.co.nz) wrote: What if I had a company with several subsidiaries using the same database, and want to prefix roles and other things with the subsidiary's initials? (I am not saying this would be a good architecture!!!) If you admit that it's not

Re: [HACKERS] Additional role attributes superuser review

2015-04-29 Thread Robert Haas
On Wed, Apr 29, 2015 at 10:47 AM, Stephen Frost sfr...@snowman.net wrote: Here is the latest revision of this patch. I think this patch is too big and does too many things. It should be broken up into small patches which can be discussed and validated independently. The fact that your commit

Re: [HACKERS] Additional role attributes superuser review

2015-04-29 Thread Alvaro Herrera
Robert Haas wrote: I think that if you commit this the way you have it today, everybody will go, oh, look, Stephen committed something, but it looks complicated, I won't pay attention. Yeah, that sucks. Finally, you've got the idea of making pg_ a reserved prefix for roles, adding some

Re: [HACKERS] Additional role attributes superuser review

2015-04-29 Thread Stephen Frost
Robert, all, * Stephen Frost (sfr...@snowman.net) wrote: * Stephen Frost (sfr...@snowman.net) wrote: * Robert Haas (robertmh...@gmail.com) wrote: The tricky part of this seems to me to be the pg_dump changes. The new catalog flag seems a little sketchy to me; wouldn't it be better to

Re: [HACKERS] Additional role attributes superuser review

2015-04-29 Thread Gavin Flower
On 30/04/15 12:20, Alvaro Herrera wrote: Robert Haas wrote: I think that if you commit this the way you have it today, everybody will go, oh, look, Stephen committed something, but it looks complicated, I won't pay attention. Yeah, that sucks. Finally, you've got the idea of making pg_ a

Re: [HACKERS] Additional role attributes superuser review

2015-04-29 Thread Robert Haas
On Wed, Apr 29, 2015 at 8:20 PM, Alvaro Herrera alvhe...@2ndquadrant.com wrote: Finally, you've got the idea of making pg_ a reserved prefix for roles, adding some predefined roles, and giving them some predefined privileges. That should be yet another patch. On this part I have a bit of a

Re: [HACKERS] Additional role attributes superuser review

2015-04-13 Thread Stephen Frost
Robert, * Stephen Frost (sfr...@snowman.net) wrote: * Robert Haas (robertmh...@gmail.com) wrote: On Thu, Apr 2, 2015 at 12:53 AM, Stephen Frost sfr...@snowman.net wrote: Clearly, further testing and documentation is required and I'll be getting to that over the next couple of days, but

Re: [HACKERS] Additional role attributes superuser review

2015-04-02 Thread Robert Haas
On Thu, Apr 2, 2015 at 12:53 AM, Stephen Frost sfr...@snowman.net wrote: * Tom Lane (t...@sss.pgh.pa.us) wrote: Stephen Frost sfr...@snowman.net writes: REVOKE'ing access *without* removing the permissions checks would defeat the intent of these changes, which is to allow an administrator to

Re: [HACKERS] Additional role attributes superuser review

2015-04-02 Thread Stephen Frost
Robert, * Robert Haas (robertmh...@gmail.com) wrote: On Thu, Apr 2, 2015 at 12:53 AM, Stephen Frost sfr...@snowman.net wrote: Clearly, further testing and documentation is required and I'll be getting to that over the next couple of days, but it's pretty darn late and I'm currently getting

Re: [HACKERS] Additional role attributes superuser review

2015-04-01 Thread Stephen Frost
* Tom Lane (t...@sss.pgh.pa.us) wrote: Stephen Frost sfr...@snowman.net writes: REVOKE'ing access *without* removing the permissions checks would defeat the intent of these changes, which is to allow an administrator to grant the ability for a certain set of users to cancel and/or terminate

Re: [HACKERS] Additional role attributes superuser review

2015-03-16 Thread Stephen Frost
* Tom Lane (t...@sss.pgh.pa.us) wrote: Stephen Frost sfr...@snowman.net writes: ... Lastly, there is the question of pg_cancel_backend and pg_terminate_backend. My thinking on this is to create a new 'pg_signal_backend' which admins could grant access to and leave the existing functions

Re: [HACKERS] Additional role attributes superuser review

2015-03-16 Thread Stephen Frost
All, * Stephen Frost (sfr...@snowman.net) wrote: Alright, I've got an initial patch to do this for pg_start/stop_backup, pg_switch_xlog, and pg_create_restore_point. The actual backend changes are quite small, as expected. I'll add in the changes for the other functions being discussed and

Re: [HACKERS] Additional role attributes superuser review

2015-03-16 Thread Tom Lane
Stephen Frost sfr...@snowman.net writes: ... Lastly, there is the question of pg_cancel_backend and pg_terminate_backend. My thinking on this is to create a new 'pg_signal_backend' which admins could grant access to and leave the existing functions alone (modulo the change for

Re: [HACKERS] Additional role attributes superuser review

2015-03-16 Thread Tom Lane
Stephen Frost sfr...@snowman.net writes: * Tom Lane (t...@sss.pgh.pa.us) wrote: That seems fairly ugly. Why would we need a new, duplicative function here? (Apologies if the reasoning was spelled out upthread, I've not been paying much attention.) Currently, those functions allow users to

Re: [HACKERS] Additional role attributes superuser review

2015-03-07 Thread Stephen Frost
Peter, all, * Peter Eisentraut (pete...@gmx.net) wrote: Why are we not using roles and function execute privileges for this? Alright, I've got an initial patch to do this for pg_start/stop_backup, pg_switch_xlog, and pg_create_restore_point. The actual backend changes are quite small, as

Re: [HACKERS] Additional role attributes superuser review

2015-03-05 Thread Stephen Frost
* Peter Eisentraut (pete...@gmx.net) wrote: On 2/28/15 10:10 PM, Stephen Frost wrote: * Adam Brightwell (adam.brightw...@crunchydatasolutions.com) wrote: I have attached and updated patch for review. Thanks! I've gone over this and made quite a few documentation and comment updates,

Re: [HACKERS] Additional role attributes superuser review

2015-03-04 Thread Peter Eisentraut
On 2/28/15 10:10 PM, Stephen Frost wrote: Adam, * Adam Brightwell (adam.brightw...@crunchydatasolutions.com) wrote: I have attached and updated patch for review. Thanks! I've gone over this and made quite a few documentation and comment updates, but not too much else, so I'm pretty happy

Re: [HACKERS] Additional role attributes superuser review

2015-03-02 Thread Adam Brightwell
Alvaro, I thought I saw a comment about using underscore to separate words in privilege names, such as EXCLUSIVE_BACKUP rather than running it all together. Was that idea discarded? I'm not sure there was an actual discussion on the topic. Though, at one point I had proposed it as one of

Re: [HACKERS] Additional role attributes superuser review

2015-03-02 Thread Alvaro Herrera
Adam Brightwell wrote: Alvaro, I thought I saw a comment about using underscore to separate words in privilege names, such as EXCLUSIVE_BACKUP rather than running it all together. Was that idea discarded? I'm not sure there was an actual discussion on the topic. Though, at one point

Re: [HACKERS] Additional role attributes superuser review

2015-03-02 Thread Tom Lane
Stephen Frost sfr...@snowman.net writes: * Alvaro Herrera (alvhe...@2ndquadrant.com) wrote: If we were choosing those names nowadays, would we choose CREATEDB at all in the first place? I think we'd go for something more verbose, probably CREATE_DATABASE. (CREATEROLE is not as old as

Re: [HACKERS] Additional role attributes superuser review

2015-03-02 Thread Stephen Frost
* Alvaro Herrera (alvhe...@2ndquadrant.com) wrote: Adam Brightwell wrote: I'm not sure there was an actual discussion on the topic. Though, at one point I had proposed it as one of the forms of this attribute. Personally, I think it is easier to read with the underscore. But, ultimately,

Re: [HACKERS] Additional role attributes superuser review

2015-03-02 Thread Stephen Frost
* Tom Lane (t...@sss.pgh.pa.us) wrote: Stephen Frost sfr...@snowman.net writes: * Alvaro Herrera (alvhe...@2ndquadrant.com) wrote: If we were choosing those names nowadays, would we choose CREATEDB at all in the first place? I think we'd go for something more verbose, probably

Re: [HACKERS] Additional role attributes superuser review

2015-03-02 Thread Alvaro Herrera
Stephen Frost wrote: Alvaro, * Alvaro Herrera (alvhe...@2ndquadrant.com) wrote: That being so, I would consider the idea that the NO bit is a separate word rather than run together with the actual privilege name. And given that CREATE has all the options default to NO, there is no need

Re: [HACKERS] Additional role attributes superuser review

2015-03-02 Thread Stephen Frost
Alvaro, * Alvaro Herrera (alvhe...@2ndquadrant.com) wrote: Let's go with the NO_ prefix then ... that seems better to me than no separator. Works for me. Thanks! Stephen

Re: [HACKERS] Additional role attributes superuser review

2015-03-01 Thread Alvaro Herrera
Stephen Frost wrote: Thanks! I've gone over this and made quite a few documentation and comment updates, but not too much else, so I'm pretty happy with how this is coming along. As mentioned elsewhere, this conflicts with the GetUserId() to has_privs_of_role() cleanup, but as I anticipate

Re: [HACKERS] Additional role attributes superuser review

2015-03-01 Thread Stephen Frost
* Alvaro Herrera (alvhe...@2ndquadrant.com) wrote: Stephen Frost wrote: Thanks! I've gone over this and made quite a few documentation and comment updates, but not too much else, so I'm pretty happy with how this is coming along. As mentioned elsewhere, this conflicts with the
