On Thu, Oct 16, 2014 at 11:24 AM, Alvaro Herrera <alvhe...@2ndquadrant.com> wrote: > Stephen Frost wrote: >> * Petr Jelinek (p...@2ndquadrant.com) wrote: >> > On 15/10/14 07:22, Stephen Frost wrote: >> > > First though, the new privileges, about which the bikeshedding can >> > > begin, short-and-sweet format: >> > > >> > > BACKUP: >> > > pg_start_backup() >> > > pg_stop_backup() >> > > pg_switch_xlog() >> > > pg_create_restore_point() >> > >> > As others have commented, I too think this should support pg_dump. >> >> I'm uttly mystified as to what that *means*. Everyone asking for it is >> great but until someone can define what "support pg_dump" means, there's >> not much progress I can make towards it.. > > To me, what this repeated discussion on this particular BACKUP point > says, is that the ability to run pg_start/stop_backend and the xlog > related functions should be a different privilege, i.e. something other > than BACKUP; because later we will want the ability to grant someone the > ability to run pg_dump on the whole database without being superuser, > and we will want to use the name BACKUP for that. So I'm inclined to > propose something more specific for this like WAL_CONTROL or > XLOG_OPERATOR, say.
I'm a little nervous that we're going to end up with a whole bunch of things with names like X_control, Y_operator, and Z_admin, which I think is particularly bad if we end up with a mix of styles and also bad (though less so) if we end up just tacking the word "operator" onto the end of everything. I'd suggest calling these capabilities, and allow: GRANT CAPABILITY whatever TO somebody; ...but keep extraneous words like "control" or "operator" out of the capabilities names themselves. So just wal, xlog, logfile, etc. rather than wal_operator, xlog_operator, logfile_operator and so on. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers