"Imseih (AWS), Sami" <simseih@amazon.com> writes:
> A recent case in the field in which a database session_authorization is
> altered to a non-superuser, non-owner of tables via alter database .. set session_authorization ..
> caused autovacuum to skip tables.
That seems like an extremely not-bright idea. What is the actual
use case for such a setting? Doesn't it risk security problems?
> Attached is a repro and a patch which sets the session user to the BOOTSTRAP superuser
> at the start of the autovac worker.
I'm rather unimpressed by this proposal, first because there are
probably ten other ways to break autovac with ill-considered settings,
and second because if we do want to consider this a supported case,
what about other background processes? They'd likely have issues
as well.
regards, tom lane