On Sun, Oct 24, 2021 at 08:31:37PM -0700, Jeff Davis wrote: > The current patch doesn't allow members of pg_signal_backend to rotate > the log file. > > Do you think pg_signal_backend is the wrong group to allow usage of > pg_log_backend_memory_contexts()? Alternatively, it could simply not > GRANT anything, and leave that up to the administrator to choose who > can use it.
Hmm. Why don't you split the patch into two parts that can be discussed separately then? There would be one to remove all the superuser() checks you can think of, and a potential second to grant those function's execution to some system role. FWIW, if the barrier between a role and a function is thin, perhaps we'd better just limit ourselves to the removal of the superuser() checks for now rather than trying to plug more groups into the functions. When I have dealt with such issues in the past, I tend to just do the superuser()/REVOKE part without more GRANTs or even more system roles, as this is enough to give room to users to do what they want with their clusters. And this is a no-brainer. -- Michael
signature.asc
Description: PGP signature
