Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtp (Exim 4.80) (envelope-from ) id 1YMm96-0002EN-HH for pgsql-hackers@arkaria.postgresql.org; Sat, 14 Feb 2015 23:29:08 +0000 Received: from localhost ([127.0.0.1] helo=postgresql.org) by malur.postgresql.org with smtp (Exim 4.80) (envelope-from ) id 1YMm94-0000NG-Mk for pgsql-hackers@arkaria.postgresql.org; Sat, 14 Feb 2015 23:29:06 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1YMm93-0000N9-Bs for pgsql-hackers@postgresql.org; Sat, 14 Feb 2015 23:29:05 +0000 Received: from mail-bn1on0607.outbound.protection.outlook.com ([2a01:111:f400:fc10::607] helo=na01-bn1-obe.outbound.protection.outlook.com) by magus.postgresql.org with esmtp (Exim 4.80) (envelope-from ) id 1YMm8x-0000EK-7R for pgsql-hackers@postgresql.org; Sat, 14 Feb 2015 23:29:03 +0000 Received: from decina.attlocal.net (2602:306:ce8b:3460:30cd:b2b0:3153:f094) by CY1PR11MB0347.namprd11.prod.outlook.com (25.161.165.15) with Microsoft SMTP Server (TLS) id 15.1.87.18; Sat, 14 Feb 2015 23:28:49 +0000 Message-ID: <54DFDA26.9070502@BlueTreble.com> Date: Sat, 14 Feb 2015 17:28:38 -0600 From: Jim Nasby User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Robert Haas , happy times CC: pgsql-hackers , funnyxj.fxj , dingqi.lxb Subject: Re: restrict global access to be readonly References: In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Transfer-Encoding: 8bit X-Originating-IP: [2602:306:ce8b:3460:30cd:b2b0:3153:f094] X-ClientProxiedBy: CY1PR00CA0017.namprd00.prod.outlook.com (25.160.142.155) To CY1PR11MB0347.namprd11.prod.outlook.com (25.161.165.15) Authentication-Results: taobao.com; dkim=none (message not signed) header.d=none; X-Microsoft-Antispam: UriScan:; X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR11MB0347; X-Exchange-Antispam-Report-Test: UriScan:; X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(601004); SRVR:CY1PR11MB0347; X-Forefront-PRVS: 0487C0DB7E X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(479174004)(51704005)(24454002)(377454003)(36756003)(62966003)(92566002)(77156002)(53416004)(65806001)(47776003)(65956001)(2950100001)(23676002)(33656002)(15975445007)(87266999)(551934003)(50466002)(86362001)(40100003)(80316001)(19580395003)(54356999)(83506001)(19580405001)(87976001)(122386002)(42186005)(65816999)(50986999)(46102003)(76176999)(3826002)(85282002)(336755003)(18886065003); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR11MB0347; H:decina.attlocal.net; FPR:; SPF:None; MLV:sfv; LANG:en; X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:;SRVR:CY1PR11MB0347; X-OriginatorOrg: bluetreble.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Feb 2015 23:28:49.8651 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR11MB0347 X-Pg-Spam-Score: -1.9 (-) List-Archive: List-Help: List-ID: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: X-Mailing-List: pgsql-hackers Precedence: bulk Sender: pgsql-hackers-owner@postgresql.org On 2/14/15 3:14 PM, Robert Haas wrote: > On Fri, Feb 13, 2015 at 3:32 AM, happy times wrote: >> I didn’t find any convenient way to restrict access to PostgreSQL databases >> to be read-only for all users. I need it in following scenarios: >> >> A) Planned switch-over from master to slave. We want to minimize impact >> within the planned switch-overs. So during the process we switch from master >> to slave, we would like to allow read-only transactions to be run on the >> original master until the switch-over complete and the new master starts >> taking user connections (we do the switch with virtual IP mechanism). I >> didn’t find way to do this on the database server side. Sure, we can utilize >> the runtime parameter default_transaction_read_only, however, it does not >> restrict user from changing transaction attribute to non-readonly mode, so >> is not safe. >> >> B) Blocking writing access when storage constraint is reached. We have >> massive PostgreSQL instances which are sold to external users with specific >> storage constraints and prices. When storage constraint for a specific >> instance is reached, we would rather change the instance to be readonly >> (then notify user to cleanup data or buy more storage) than shutdown the >> instance. Our current solution is putting a recovery.conf file to the >> instance (killing all existing connections) and restart the instance to get >> it into recovery mode (which is readonly), which is not pretty. >> >> C) Blocking writing access when an instance has expired. Similar with B), >> when the user’s contract with us expires about his/her instance, we want to >> firstly block the write access rather than shutdown the instance completely. >> >> Having that said, it would be very nice if there is a command like “SET >> GLOBAL_ACCESS TO READONLY | READWRITE” which does the job for the whole >> instance. I guess there could be others who want this feature too. >> >> So, have anyone considered or discussed about adding such a command? Is >> there anyone working on it (I would like to work on it if no)? > > I think this would be a useful feature and have thought about it > myself. I suggest that it be spelled like this: > > ALTER SYSTEM [ READ ONLY | READ WRITE ]; > > Although I like the idea, it's not clear to me how to implement it. Throw an error in AssignTransactionId/GetNewTransactionId? I see 4 calls to Get*TransactionId in logical replication, though arguably if we're fixing that we should look at doing something special for Slony and the likes. Related to this, a lot of people have expressed desire for read only tables. That would presumably be trickier to accomplish. -- Jim Nasby, Data Architect, Blue Treble Consulting Data in Trouble? Get it in Treble! http://BlueTreble.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers