Gabriele Bartolini <gabriele.bartolini@enterprisedb.com> writes: > I would like to propose a patch that allows administrators to disable > `ALTER SYSTEM` via either a runt-time option to pass to the Postgres server > process at startup (e.g. `--disable-alter-system=true`, false by default) > or a new GUC (or even both), without changing the current default method of > the server.
ALTER SYSTEM is already heavily restricted.
Could you please help me better understand what you mean here?
I don't think we need random kluges added to the permissions system.
If you allow me, why do you think disabling ALTER SYSTEM altogether is a random kluge? Again, I'd like to better understand this position. I've personally been in many conversations on the security side of things for Postgres in Kubernetes environments, and this is a frequent concern by users who request that changes to the Postgres system (not a database) should only be done declaratively and prevented from within the system.