Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mnLyX-0002rU-EJ for pgsql-hackers@arkaria.postgresql.org; Wed, 17 Nov 2021 14:31:49 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1mnLyW-0001H6-8u for pgsql-hackers@arkaria.postgresql.org; Wed, 17 Nov 2021 14:31:48 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mnLyV-0001Gx-Vm for pgsql-hackers@lists.postgresql.org; Wed, 17 Nov 2021 14:31:47 +0000 Received: from relay6-d.mail.gandi.net ([217.70.183.198]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mnLyT-0000IZ-0K for pgsql-hackers@postgresql.org; Wed, 17 Nov 2021 14:31:47 +0000 Received: (Authenticated sender: adsend@dunslane.net) by relay6-d.mail.gandi.net (Postfix) with ESMTPSA id 4879FC0010; Wed, 17 Nov 2021 14:31:41 +0000 (UTC) Message-ID: <1500eb6d-fb8f-acd2-b39e-c3ccaf7e3f1b@dunslane.net> Date: Wed, 17 Nov 2021 09:31:40 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.2.0 Subject: Re: Granting SET and ALTER SYSTE privileges for GUCs Content-Language: en-US To: Tom Lane , Mark Dilger Cc: Robert Haas , PostgreSQL-development References: <3D691E20-C1D5-4B80-8BA5-6BEB63AF3029@enterprisedb.com> <2226110.1637075835@sss.pgh.pa.us> <2226903.1637076537@sss.pgh.pa.us> <2231899.1637081047@sss.pgh.pa.us> <38BEC583-DB34-4918-BCBC-DC896F0D3844@enterprisedb.com> <055d86ff-9c95-f1d4-c974-29896767561e@dunslane.net> <7DFFECF0-373B-40B0-BCA0-A5ADD9266FFA@enterprisedb.com> <2347082.1637100769@sss.pgh.pa.us> From: Andrew Dunstan In-Reply-To: <2347082.1637100769@sss.pgh.pa.us> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 11/16/21 17:12, Tom Lane wrote: > >>> To support pg_dump and pg_upgrade, it might be better to have an >>> enabled/disabled flag rather than to delete rows. >> I'm not really sure what this means. > I didn't see the point of this either. We really need to KISS here. > Every bit of added complexity in the catalog representation is another > opportunity for bugs-of-omission, not to mention a detail that you > have to provide mechanisms to dump and restore. > > Well, I was trying (perhaps not very well) to imagine how to deal with someone modifying the permissions of one of the predefined roles. Say pg_foo has initial permission to set bar and baz, and the DBA removes permission to set baz. How is pg_dump going to emit the right commands to allow a safe pg_upgrade? Maybe we should say that the permissions for the predefined roles are immutable, so only permissions sets for user defined roles are mutable. cheers andrew -- Andrew Dunstan EDB: https://www.enterprisedb.com