On Fri, Feb 10, 2017 at 8:39 PM, Peter Geoghegan <p...@bowt.ie> wrote: > On Thu, Feb 9, 2017 at 2:32 PM, Andres Freund <and...@anarazel.de> wrote: >> Except that the proposed names aren't remotely like that... ;). > > Revision attached -- V5. We now REVOKE ALL on both functions, as > Robert suggested, instead of the previous approach of having a > hard-coded superuser check with enforcement. > >> And I proposed documenting named parameters, and >> check_btree(performing_check_requiring_exclusive_locks => true) is just >> about as expressive. > > I have not done this, nor have I renamed the functions. I still think > that this is something that we can fix by adding a boolean argument to > each function in the future, or something along those lines. I > *really* hate the idea of having one function with non-obvious, > variable requirements on locking, with locking implications that are > not knowable when we PREPARE an SQL statement calling the function. It > also removes a useful way of have superusers discriminate against the > stronger locking variant bt_index_parent_check() by not granting > execute on it (as an anti-footgun measure).
I think Andres is more or less correct that "performing_check_requiring_exclusive_locks => true" is just about as expressive as calling a different function, but I think that your point that the superuser might want to grant access to one function but not the other is a good one. On the other hand, I think Andres has a concern that we might have more modes in the future and we don't want to end up with 2^n entrypoints. That also seems valid. Hmm. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
