On Mon, Oct 25, 2021 at 12:40 PM Michael Paquier <mich...@paquier.xyz> wrote: > > On Sun, Oct 24, 2021 at 08:31:37PM -0700, Jeff Davis wrote: > > The current patch doesn't allow members of pg_signal_backend to rotate > > the log file. > > > > Do you think pg_signal_backend is the wrong group to allow usage of > > pg_log_backend_memory_contexts()? Alternatively, it could simply not > > GRANT anything, and leave that up to the administrator to choose who > > can use it. > > Hmm. Why don't you split the patch into two parts that can be > discussed separately then? There would be one to remove all the > superuser() checks you can think of, and a potential second to grant > those function's execution to some system role.
IMO, in this thread we can focus on remvong the pg_log_backend_memory_contexts()'s superuser() check and +1 to start a separate thread to remove superuser() checks for the other functions and REVOKE the permissions in appropriate places, for system functins system_functions.sql files, for extension functions, the extension installation .sql files. See [1] and [2]. [1] - https://www.postgresql.org/message-id/CALj2ACUhCFSUQmZhiQ%2Bw1kZdJGmhNP2cd1LZS4GVGowyjiqftQ%40mail.gmail.com [2] - https://www.postgresql.org/message-id/CAOuzzgpp0dmOFjWC4JDvk57ZQGm8umCrFdR1at4b80xuF0XChw%40mail.gmail.com Regards, Bharath Rupireddy.
