On 10/25/21, 2:21 AM, "Bharath Rupireddy" <bharath.rupireddyforpostg...@gmail.com> wrote:
> On Mon, Oct 25, 2021 at 12:40 PM Michael Paquier <mich...@paquier.xyz> wrote:
>> Hmm. Why don't you split the patch into two parts that can be
>> discussed separately then? There would be one to remove all the
>> superuser() checks you can think of, and a potential second to grant
>> those functions' execution to some system role.
>
> IMO, in this thread we can focus on removing the
> pg_log_backend_memory_contexts()'s superuser() check and +1 to start a
> separate thread to remove superuser() checks for the other functions
> and REVOKE the permissions in appropriate places, for system functions
> system_functions.sql files, for extension functions, the extension
> installation .sql files. See [1] and [2].

I like the general idea of removing hard-coded superuser checks first and granting execution to predefined roles second. I don't have any strong opinion about what should be done in this thread and what should be done elsewhere.

Nathan