> This would be nice, but there is nothing to hang our hat on: > > GRANT CHECKPOINT TO username;
Thinking about this more, why don't we just add CHECKPOINT and NOCHECKPOINT attributes to roles?
ALTER ROLE username WITH CHECKPOINT;
At present, this would require adding a field to pg_authid. This isn't very scalable; but we're already creating new pg_* roles which give access to various actions so I don't know why a role attribute would be a better approach. If anything, I think it would be more likely to move in the other direction: replace role attributes that in effect grant privileges with predefined roles. I think this has already been discussed here in the context of CREATEROLE.