Re: Additional role attributes && superuser review

On 15/10/14 07:22, Stephen Frost wrote:
>
>    First though, the new privileges, about which the bikeshedding can
>    begin, short-and-sweet format:
>
>    BACKUP:
>      pg_start_backup()
>      pg_stop_backup()
>      pg_switch_xlog()
>      pg_create_restore_point()

As others have commented, I too think this should support pg_dump.

>
>    For posterity's sake, here's my review and comments on the various
>    existing superuser checks in the backend (those not addressed above):
>
>    CREATE EXTENSION
>      This could be a role attribute as the others above, but I didn't
>      want to try and include it in this patch as it has a lot of hairy
>      parts, I expect.

Yeah it will, mainly because extensions can load modules and can have 
untrusted functions, we might want to limit which extensions are 
possible to create without being superuser.

>
>    tcop/utility.c
>      LOAD (load shared library)
>

This already somewhat handles non-superuser access. You can do LOAD as 
normal user as long as the library is in $libdir/plugins directory so it 
probably does not need separate role attribute (might be somehow useful 
in combination with CREATE EXTENSION though).

>
>    commands/functioncmds.c
>      create untrusted-language functions
>

I often needed more granularity there (plproxy).

>
>    commands/functioncmds.c
>      execute DO blocks with untrusted languages
>

I am not sure if this is significantly different from untrusted-language 
functions.


--  Petr Jelinek                  http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training &
Services