On Tue, Nov 16, 2021 at 3:38 PM Andrew Dunstan <and...@dunslane.net> wrote: > Your original and fairly simple set of patches used hardcoded role names > and sets of GUCs they could update via ALTER SYSTEM. I suggested to you > privately that a more flexible approach would be to drive this from a > catalog table. I had in mind a table of more or less <roleid, guc_name>. > You could prepopulate it with the roles / GUCs from your original patch > set. I don't think it needs to be initially empty. But DBAs would be > able to modify and extend the settings. I agree with Tom that we > shouldn't try to cover all GUCs in the table - any GUC without an entry > can only be updated by a superuser.
I simply can't understand the point of this. You're basically proposing that somebody has to execute one SQL statement to make a GUC grantable, and then a second SQL statement to actually grant access to it. What is the value in that? It is the same person doing both things, and the system can work out automatically what needs to be done. -- Robert Haas EDB: http://www.enterprisedb.com
