On Thu, Feb 9, 2017 at 3:05 AM, Andres Freund <andres@anarazel.de> wrote:
>> +#define CHECK_SUPERUSER() { \
>> + if (!superuser()) \
>> + ereport(ERROR, \
>> + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), \
>> + (errmsg("must be superuser to use verification functions")))); }
>
> Please make this either a function or just copy - the macro doesn't buy
> us anything except weirder looking syntax.
Better yet, remove the check altogether and just revoke access from
public. Then the default policy is superuser-only, but the DBA can
grant access to who they wish.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company