On Fri, Jul 22, 2022 at 03:25:16PM -0700, Nathan Bossart wrote:
> On Fri, Jul 22, 2022 at 04:16:14PM -0400, Tom Lane wrote:
> > Clearly, you need enough privilege to SET the parameter, and you need
> > some sort of management privilege on the target role or DB. There
> > might be room to discuss w
On Fri, Jul 22, 2022 at 04:16:14PM -0400, Tom Lane wrote:
> Clearly, you need enough privilege to SET the parameter, and you need
> some sort of management privilege on the target role or DB. There
> might be room to discuss what that per-role/DB privilege needs to be.
> But I'm very skeptical tha
arameter_acl catalog. For example, if a role is
> granted the ability to SET a PGC_SUSET GUC, it also has the ability to
> ALTER ROLE/DATABASE SET that GUC. A couple of recent threads have alluded
> to the possibility of introducing a new set of privileges for ALTER
> ROLE/DATABASE SET [
example, if a role is
granted the ability to SET a PGC_SUSET GUC, it also has the ability to
ALTER ROLE/DATABASE SET that GUC. A couple of recent threads have alluded
to the possibility of introducing a new set of privileges for ALTER
ROLE/DATABASE SET [0] [1], so I thought I'd start the discu
