On Wed, Jan 6, 2016 at 12:29:14PM -0500, Robert Haas wrote:
> The point is that with the GRANT EXECUTE ON FUNCTION proposal, authors
> of monitoring tools enjoy various really noteworthy advantages. They
> can have monitoring roles which have *exactly* the privileges that
> their tool needs, not whatever set of permissions (larger or smaller)
> the core project has decided the pg_monitor role should have. They can
> have optional features requiring extra permissions and those extra
> permissions can be granted in precisely those shops where those extra
> features are in use. They can deploy a new version of their
> monitoring tool that requires an extra privilege on an existing
> PostgreSQL release without requiring any core modifications, which
> shaves years of time off the deployment schedule and avoids
> contentious arguments with the lovable folks who populate this mailing
> list. That sounds *terrific* to me compared to the alternative you
> are proposing.

I assume backup tools would either document the functions they want
access to via SQL commands, or supply a script. I assume they would
create a non-login role (group) with the desired permissions, and then
have users inherit from that. They would also need to be able to allow
upgrades where they would (conditionally?) add the role and then
add/revoke permissions as needed, e.g. they might not need all
permissions they needed in a previous release, or they might need new
ones.

That all seems very straight-forward to me.

-- 
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+                      Roman grave inscription             +
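
The install/upgrade script described in the message above could look like the following. This is an added example, not part of the original thread and not code from any PostgreSQL tool. The role name backup_tool and both function lists are hypothetical sample values, and it assumes a server on which these functions honor EXECUTE grants, as in the proposal under discussion.

```sql
-- Added example: idempotent install/upgrade script for a hypothetical
-- backup tool. Run as a superuser. Safe to re-run on every tool upgrade.
DO $$
DECLARE
    -- Functions this release of the tool calls (sample values).
    wanted  text[] := ARRAY['pg_start_backup', 'pg_stop_backup'];
    -- Functions a previous release needed but this one does not (sample values).
    retired text[] := ARRAY['pg_switch_xlog'];
    fn      regprocedure;
BEGIN
    -- Conditionally add the non-login group role.
    IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'backup_tool') THEN
        CREATE ROLE backup_tool NOLOGIN;
    END IF;

    -- Drop privileges that are no longer needed. Looking the functions up
    -- in the catalog covers every overload and skips names that do not
    -- exist on this server version.
    FOR fn IN
        SELECT p.oid::regprocedure
        FROM pg_proc p
        JOIN pg_namespace n ON n.oid = p.pronamespace
        WHERE n.nspname = 'pg_catalog' AND p.proname = ANY (retired)
    LOOP
        EXECUTE format('REVOKE EXECUTE ON FUNCTION %s FROM backup_tool', fn);
    END LOOP;

    -- Grant exactly what this release needs, nothing broader.
    FOR fn IN
        SELECT p.oid::regprocedure
        FROM pg_proc p
        JOIN pg_namespace n ON n.oid = p.pronamespace
        WHERE n.nspname = 'pg_catalog' AND p.proname = ANY (wanted)
    LOOP
        EXECUTE format('GRANT EXECUTE ON FUNCTION %s TO backup_tool', fn);
    END LOOP;
END
$$;

-- The site administrator then lets an existing login role inherit the
-- group's privileges (role name is a placeholder):
-- GRANT backup_tool TO some_login_role;
```

Because the login role only inherits from backup_tool, a later release of the tool can change the grant set by re-running the script without touching any user accounts.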