public inbox for [email protected]
help / color / mirror / Atom feedFrom: Greg Sabino Mullane <[email protected]>
To: Peter Eisentraut <[email protected]>
Cc: Andrei Lepikhov <[email protected]>
Cc: Jack Bonatakis <[email protected]>
Cc: pgsql-hackers <[email protected]>
Cc: Bruce Momjian <[email protected]>
Cc: Andres Freund <[email protected]>
Subject: Re: Read-only connection mode for AI workflows.
Date: Fri, 20 Mar 2026 08:32:24 -0400
Message-ID: <CAKAnmmKgYqavU6xUPKgeOwOY0P9EycCmm339+PLaL5f4AQ9fNQ@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CADsUR0B9bcJQKYHyUMnWcODGzF5+AdeToawULkkTKfrq32Z-8w@mail.gmail.com>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
On Thu, Mar 19, 2026 at 6:09 AM Peter Eisentraut <[email protected]>
wrote:
> Here is a stalled project to implement ALTER SYSTEM READ ONLY:
>
> https://www.postgresql.org/message-id/flat/CAAJ_b97KZzdJsffwRK7w0XU5HnXkcgKgTR69t8cOZztsyXjkQw%40mai...
I think the scope of this request is much smaller than that one, so should
be more doable. That one, IIUC, is more of a ALTER SYSTEM
STOP_ALL_ACTIVITY_EVEN_WAL but we are looking for more of a "stop any overt
changes to our data via any non-select command" while still allowing all
sorts of background/maintenance activity to continue on. Basically,
anything that would cause a pg_dump to be different.
I'm a +1 to the cluster-wide change, and a -1 to the per-connection idea
that started this thread, because I still don't see the need for it when we
have an existing roles/permissions system that gets the job done. You want
your untrusted agent to read from your database? Create a specific role for
that. If our existing per-role access controls are not sufficient, improve
them.
Cheers,
Greg
view thread (20+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Read-only connection mode for AI workflows.
In-Reply-To: <CAKAnmmKgYqavU6xUPKgeOwOY0P9EycCmm339+PLaL5f4AQ9fNQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox