Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w3Z2G-001Lhm-2z
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 20 Mar 2026 12:33:05 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w3Z2F-005pF9-1I
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 20 Mar 2026 12:33:03 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <htamfids@gmail.com>)
	id 1w3Z2E-005pF1-3C
	for pgsql-hackers@lists.postgresql.org;
	Fri, 20 Mar 2026 12:33:03 +0000
Received: from mail-ot1-x32f.google.com ([2607:f8b0:4864:20::32f])
	by makus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <htamfids@gmail.com>)
	id 1w3Z2D-00000000AHk-2KwX
	for pgsql-hackers@postgresql.org;
	Fri, 20 Mar 2026 12:33:02 +0000
Received: by mail-ot1-x32f.google.com with SMTP id
 46e09a7af769-7d7e565c877so291142a34.3
        for <pgsql-hackers@postgresql.org>;
 Fri, 20 Mar 2026 05:33:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1774009981; cv=none;
        d=google.com; s=arc-20240605;
        b=KZnMq9ciyYrIDVdA+jsvn+dS2/vvVIyMWxmuvZRJAy+nwI4TSxsotnpMU0cBAOI08D
         tjFA1eGy9DmUXu34q/Sapeyr4dwIjRy5XZeybonkYVgcGVRbA6StpYS6OZU/bvFRKMeM
         pYg6yYUhxcGKJTKmOCt6YERbBcI9CffsV05Wq8fJqbA9En47qskwNnNXC7VYJDGKEtJR
         3Rq9/fHlbsR+G7x9u7QlIO9mcyP5tih0VQrOiZTHH9AkwboIjMS/SmWMfOksbY6uRcMY
         tchXBWTfMVeq+9Uj9+2GrXhADuIoXxai0yNzaTveTeebLx9T5U2XIQFG+16bsBlgW7TI
         w2VQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:dkim-signature;
        bh=VgX5jIT4gt5IN/FzTyxPdh7vPdMkh2nXTJLrOusv7q4=;
        fh=aqXZgs53lVweKbwbaixVZfXA9JLdXg6NVwVHKyZPCeU=;
        b=TioY+ZszgwChmOImgo9tGr6g0Qm8deg8pColQikwiT+mcIewo6RxyECB5NE9Drr68l
         Tqn3fineZ4NXMWTq3nibDSrSqUztbpbiycjabt5USrqh/imqW+wDI5TmUK4Mq2JN5No1
         aOvSpYiXEYL3l8YOdHN3G2+V8M3qW7R/P6Tg2ohwns9Yn9ZSDzJvUoAiknOZBcvqrrF+
         s7Y5FEvmaWgoGuU6Rb+ghuvybImCjZoYtUXT8T6UTn9giccKVLnStrH8j9nd6hpelYs7
         ShLxAgVLa4VhToNHscb7UPuwZg9X6pD/qugzVV4PB7rDFtqyGTmB7RlCEZ2ac+sBiOR4
         FoQQ==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1774009981; x=1774614781;
 darn=postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=VgX5jIT4gt5IN/FzTyxPdh7vPdMkh2nXTJLrOusv7q4=;
        b=faBYcMCwdz13PpMuEjogaeabztOCn0zghf7rt18TjYwH9IvUVJscdg9HyGGVZfZmuS
         l0tikRJ9VPfU3sWq96zKNDoJMoVuLCtmp+WVtSKJqn6uk1ZxslmptC23Y5VMB+Fp6/85
         bedhxslqtBYBzS1hW/jtBK/wWXHuneI5Vip6XJb2k8tYDEvRAPpOJ+TZPtYa/opGcjbB
         aIjS+JHbPrKX9WiZ3A7xbhKeSFde4i6xOCZF7NBShllYfO/RRHF+Fh3oZu7VIlcL+S4B
         sodulyslEJGRbcUBjWtCfQ7fyx/eCQgriDKSkSLx1uPYbXitku2ZVLvKbc9S1vjojqEK
         ZOxw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774009981; x=1774614781;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=VgX5jIT4gt5IN/FzTyxPdh7vPdMkh2nXTJLrOusv7q4=;
        b=Kjs6yq3qCyvXL6znNRixRITFrqpURwWL6ygBdbqO56oD1mBfh9phl7MhIa3M8Rpgnf
         VWDJUJpYKyfyI7Zrg4xRqxGPHNdL+FEnzaTn8yiUiUz42hmgO8+S1ENrTn2n86ovWcw5
         1Wv4VLFfu4QIalIO6CfL0kPSX+UKFnaPOWAQgKaWsI+frduUOTIfVe6yG7DxH7iyrlt2
         trQfg3vbBlomiDm/verDC0/Zl7FcMxXXznvjkOgpO/FslX200JAK+SnSN0T+NbPQVInk
         zoVm4Nb8eyVe8Lkepdb8Qhzmq3CiPFmp/p5EnPS0w1num8oh0q0t5ZKgVcjfKhbxqAIQ
         8okQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCXebsbDI6SgewHVwMBF5mjKerNsF1B9+o+SIxpVq4+sfTMQppoGYRdu878+SbgNhP61r8OXuhQIOgteAUT/@postgresql.org
X-Gm-Message-State: AOJu0Yy3sqmIkYyaKyf9QgnNgwZjRiz5bWuBhYF7qOopDTVm8RQMe//j
	oPvwJNF9I00iaa2wPaMYNmrIVaQ2RF/+RBGxvfokTrGnnqgNYIpjvJ+KZlZoqnfpMn1zF0+0XEb
	u0e1PRbL++NPRWPBkFCK4Gp3pEiMOuTw=
X-Gm-Gg: ATEYQzwIjWvq/b2hBlhCvE8WbjE80uBYq3Fvdsao5JQVZXeDXPdF8Aog0GY8/NSj8tf
	L8aEWj6KKQCl3nkSbK2CsZ+Rcjcx0OhSYYnumHja/Syja67AVZqoICSLtLiWh8ZnEOz7UJC9HLv
	4t3At9PrPJGdquwoZljB+h7lk0T1pBsX11fAt3qXXnfloQrsFYTwcW9zgIcHXg0cD9LxiLSchCj
	skkjg7D9x1fNQXTUdYLo06rlJpL7SOhxrC87r2+Iwg0pQ3NsYOgftuvLE2ZHRHunfT3bgdweB/8
	FI4kASQtC2VBraKazaWR47vBZ2LeXXe8X2HQjl1B
X-Received: by 2002:a05:6820:2081:b0:67b:ba75:3eaa with SMTP id
 006d021491bc7-67c22bd07damr1882546eaf.11.1774009980776; Fri, 20 Mar 2026
 05:33:00 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CADsUR0B9bcJQKYHyUMnWcODGzF5+AdeToawULkkTKfrq32Z-8w@mail.gmail.com>
 <64f1c69a-ceff-4b17-8298-58f255d075fc@gmail.com>
 <dde00623-b8e0-421b-a3f7-b149768894ef@app.fastmail.com>
 <fab6a5f3-df9f-4bd7-b2ac-434a17303547@gmail.com>
 <7f6e0ff9-05e9-4664-9c71-d9dd744362b9@gmail.com>
 <138cfd8c-b305-4303-9700-bc53ff4fb926@eisentraut.org>
In-Reply-To: <138cfd8c-b305-4303-9700-bc53ff4fb926@eisentraut.org>
From: Greg Sabino Mullane <htamfids@gmail.com>
Date: Fri, 20 Mar 2026 08:32:24 -0400
X-Gm-Features: AaiRm50jYIgad5U369gwInBKYS1TeJC6yxaQYtSnBqKgHvHeKztjcDOz47Hpf0w
Message-ID: 
 <CAKAnmmKgYqavU6xUPKgeOwOY0P9EycCmm339+PLaL5f4AQ9fNQ@mail.gmail.com>
Subject: Re: Read-only connection mode for AI workflows.
To: Peter Eisentraut <peter@eisentraut.org>
Cc: Andrei Lepikhov <lepihov@gmail.com>, Jack Bonatakis <jack@bonatak.is>,
	pgsql-hackers <pgsql-hackers@postgresql.org>,
	Bruce Momjian <bruce.momjian@enterprisedb.com>,
 Andres Freund <andres@anarazel.de>
Content-Type: multipart/alternative; boundary="000000000000bb76ec064d73e2f8"
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAKAnmmKgYqavU6xUPKgeOwOY0P9EycCmm339%2BPLaL5f4AQ9fNQ%40mail.gmail.com>
Precedence: bulk

--000000000000bb76ec064d73e2f8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 19, 2026 at 6:09=E2=80=AFAM Peter Eisentraut <peter@eisentraut.=
org>
wrote:

> Here is a stalled project to implement ALTER SYSTEM READ ONLY:
>
> https://www.postgresql.org/message-id/flat/CAAJ_b97KZzdJsffwRK7w0XU5HnXkc=
gKgTR69t8cOZztsyXjkQw%40mail.gmail.com


I think the scope of this request is much smaller than that one, so should
be more doable. That one, IIUC, is more of a ALTER SYSTEM
STOP_ALL_ACTIVITY_EVEN_WAL but we are looking for more of a "stop any overt
changes to our data via any non-select command" while still allowing all
sorts of background/maintenance activity to continue on. Basically,
anything that would cause a pg_dump to be different.

I'm a +1 to the cluster-wide change, and a -1 to the per-connection idea
that started this thread, because I still don't see the need for it when we
have an existing roles/permissions system that gets the job done. You want
your untrusted agent to read from your database? Create a specific role for
that. If our existing per-role access controls are not sufficient, improve
them.

Cheers,
Greg

--000000000000bb76ec064d73e2f8
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Thu, Mar 19, 2026 at 6:09=E2=80=AFAM P=
eter Eisentraut &lt;<a href=3D"mailto:peter@eisentraut.org">peter@eisentrau=
t.org</a>&gt; wrote:</div><div class=3D"gmail_quote gmail_quote_container">=
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex">Here is a stalled project=
 to implement ALTER SYSTEM READ ONLY: <br>
<a href=3D"https://www.postgresql.org/message-id/flat/CAAJ_b97KZzdJsffwRK7w=
0XU5HnXkcgKgTR69t8cOZztsyXjkQw%40mail.gmail.com" rel=3D"noreferrer" target=
=3D"_blank">https://www.postgresql.org/message-id/flat/CAAJ_b97KZzdJsffwRK7=
w0XU5HnXkcgKgTR69t8cOZztsyXjkQw%40mail.gmail.com</a></blockquote><div><br><=
/div><div>I think the scope of this request is much smaller than that one, =
so should be more doable. That one, IIUC, is more of a ALTER SYSTEM STOP_AL=
L_ACTIVITY_EVEN_WAL but we are looking for more of a &quot;stop any overt c=
hanges to our data via any non-select command&quot; while still allowing al=
l sorts of background/maintenance activity to continue on. Basically, anyth=
ing that would cause a pg_dump to be different.</div><div><br></div><div>I&=
#39;m a +1 to the cluster-wide change, and a -1 to the per-connection idea =
that started this thread, because I still don&#39;t see the need for it whe=
n we have an existing roles/permissions system that gets the job done. You =
want your untrusted agent to read from your database? Create a specific rol=
e for that. If our existing per-role access controls are not sufficient, im=
prove them.</div><div><br></div></div><div dir=3D"ltr" class=3D"gmail_signa=
ture"><div dir=3D"ltr"><div>Cheers,</div><div>Greg</div><div><br></div><div=
><br></div></div></div></div>

--000000000000bb76ec064d73e2f8--