Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vsysS-00CSR1-2L for pgsql-hackers@arkaria.postgresql.org; Thu, 19 Feb 2026 07:55:13 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vsysR-002ZFO-1V for pgsql-hackers@arkaria.postgresql.org; Thu, 19 Feb 2026 07:55:11 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vsysR-002ZFF-0N for pgsql-hackers@lists.postgresql.org; Thu, 19 Feb 2026 07:55:11 +0000 Received: from udcm-wwu2.uni-muenster.de ([128.176.118.28]) by makus.postgresql.org with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1vsysN-000000006NA-1jYI for pgsql-hackers@lists.postgresql.org; Thu, 19 Feb 2026 07:55:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=uni-muenster.de; i=@uni-muenster.de; q=dns/txt; s=uniout; t=1771487709; x=1803023709; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=0EI+rYvzEakMaFy+7dkg6MTeawQFnORcdMrsX/0fetg=; b=UXd+lO9srDpp2QW5AN3snUQwZx3GCRmyPrWZdl56M5ZUZRyxpMCDI39b Ted5a4qNCi/+hdWyoJls3L6oA4Wi+QVv0iiljx4Idz1Bs8cOym0ex5dD0 VsKq1uN5nUIMPDNfPmpNTOXfy36Bedzct1TPntCIfdVdxb00UWr4v1xm0 4Y+UwzvZ0Le05AEbE8+qWPu/qw/a3SwhmsZ+tqVm+6ayy7ECaaDMbXsVr 44PqYjx5MrnTueTBned/knd4RoTgcbcZLhwaFoIiUq4BHBfdMQvkZna1y sAYxGBwEnFCJ+85YFxb3wZE6hkuRmz7zFUBIeH7OCy8xXpMhhXkIyGqSk A==; X-CSE-ConnectionGUID: dVlg8EezSHKz1fuGEjKleg== X-CSE-MsgGUID: Q87aybI1TmOLxmpNPgvMlA== X-IronPort-AV: E=Sophos;i="6.21,299,1763420400"; d="scan'208";a="385268396" Received: from secmail.uni-muenster.de ([128.176.118.4]) by UDCM-RELAY2.UNI-MUENSTER.DE with ESMTP; 19 Feb 2026 08:55:05 +0100 Received: from [192.168.178.27] (dynamic-093-133-039-035.93.133.pool.telefonica.de [93.133.39.35]) by SECMAIL.UNI-MUENSTER.DE (Postfix) with ESMTPSA id 708D620ADF00; Thu, 19 Feb 2026 08:55:04 +0100 (CET) Message-ID: <1d49e214-93bc-4928-945c-27e60251a6ad@uni-muenster.de> Date: Thu, 19 Feb 2026 08:55:03 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: WIP - xmlvalidate implementation from TODO list To: Marcos Magueta Cc: Andrey Borodin , Kirill Reshke , PostgreSQL Hackers References: <68a012d3-121b-418a-913b-aa0aaf32915d@uni-muenster.de> <2898f090-d9cf-475c-940c-a99da4a308f1@uni-muenster.de> <08052569-9384-41b5-bcb7-33929fcc6c71@uni-muenster.de> <2ba05acc-6392-42a4-b59e-61df086b2d4d@uni-muenster.de> Content-Language: de-DE, en-GB From: Jim Jones In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Hi Marcos, Thanks for the update. On 18/02/2026 20:20, Marcos Magueta wrote: > Here's the v6 with the docs updated and some minor things. Unfortunately, the patch no longer applies.[1] > I was trying to figure out how to do the roles, and I have some thoughts > on it now. While I am not particularly against predefined roles, I think > we should be careful before committing to them in this form. As > predefined roles, they would effectively become part of a long-term > public interface: once they exist, we should then carry them forward and > preserve their semantics across releases, so adding a feature-specific > role increases permanent surface area (docs, tests, upgrade behavior, > compatibility expectations) and is harder to revisit later if the > privilege model evolves (which I think will make people mad, it's XML > burden after all). > > Also, a write-oriented role is not as straightforward as I thought with > the current ownership model (and that's me guessing here). Mutating DDL > behavior is still owner-driven (or superuser-driven) most of the places, > not purely ACL-driven, so a pg_write_xmlschemas role can look clearer at > first glance than it is in practice. To make that role fully consistent, > we may need broader policy decisions around what should be grantable > versus what should remain ownership-based, not just new role entries. > Again, I am not opposed to the idea, but these made me a bit anxious to > simply add them. What are your thoughts on these? The creation of XML schemas does not need to be specifically controlled by predefined roles - it was just the first thing that came to mind. My concern was that leaving it entirely open to any user could lead to unwanted CPU or memory usage. Perhaps the other reviewers have a different opinion on this. Best, Jim 1 - https://cfbot.cputube.org/patch_6372.log