> What is the actual
> use case for such a setting?
I don't have exact details on the use-case, bit this is not a common
use-case.
> Doesn't it risk security problems?
I cannot see how setting it on the database being more problematic than
setting it on a session level.
> I'm rather unimpressed by this proposal, first because there are
> probably ten other ways to break autovac with ill-considered settings,
There exists code in autovac that safeguard for such settings. For example,
statement_timeout, lock_timeout are disabled. There are a dozen or
more other settings that are overridden for autovac.
I see this being just another one to ensure that autovacuum always runs
as superuser.
> and second because if we do want to consider this a supported case,
> what about other background processes? They'd likely have issues
> as well.
I have not considered other background processes, but autovac is the only
one that I can think of which checks for relation permissions.
Regards,
Sami