diff options
| author | Tom Lane | 2022-04-06 17:24:33 +0000 |
|---|---|---|
| committer | Tom Lane | 2022-04-06 17:24:33 +0000 |
| commit | a0ffa885e478f5eeacc4e250e35ce25a4740c487 (patch) | |
| tree | 7ce236305d5eb50f34bfccaf9a662cf3f0b77adf /src/backend/commands/event_trigger.c | |
| parent | 2ef6f11b0c77ec323c688ddfd98ffabddb72c11d (diff) | |
Allow granting SET and ALTER SYSTEM privileges on GUC parameters.
This patch allows "PGC_SUSET" parameters to be set by non-superusers
if they have been explicitly granted the privilege to do so.
The privilege to perform ALTER SYSTEM SET/RESET on a specific parameter
can also be granted.
Such privileges are cluster-wide, not per database. They are tracked
in a new shared catalog, pg_parameter_acl.
Granting and revoking these new privileges works as one would expect.
One caveat is that PGC_USERSET GUCs are unaffected by the SET privilege
--- one could wish that those were handled by a revocable grant to
PUBLIC, but they are not, because we couldn't make it robust enough
for GUCs defined by extensions.
Mark Dilger, reviewed at various times by Andrew Dunstan, Robert Haas,
Joshua Brindle, and myself
Discussion: https://postgr.es/m/[email protected]
Diffstat (limited to 'src/backend/commands/event_trigger.c')
| -rw-r--r-- | src/backend/commands/event_trigger.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/backend/commands/event_trigger.c b/src/backend/commands/event_trigger.c index 3c3fc2515b7..46425278811 100644 --- a/src/backend/commands/event_trigger.c +++ b/src/backend/commands/event_trigger.c @@ -940,6 +940,7 @@ EventTriggerSupportsObjectType(ObjectType obtype) case OBJECT_DATABASE: case OBJECT_TABLESPACE: case OBJECT_ROLE: + case OBJECT_PARAMETER_ACL: /* no support for global objects */ return false; case OBJECT_EVENT_TRIGGER: @@ -1015,6 +1016,7 @@ EventTriggerSupportsObjectClass(ObjectClass objclass) case OCLASS_DATABASE: case OCLASS_TBLSPACE: case OCLASS_ROLE: + case OCLASS_PARAMETER_ACL: /* no support for global objects */ return false; case OCLASS_EVENT_TRIGGER: @@ -2042,6 +2044,8 @@ stringify_grant_objtype(ObjectType objtype) return "LARGE OBJECT"; case OBJECT_SCHEMA: return "SCHEMA"; + case OBJECT_PARAMETER_ACL: + return "PARAMETER"; case OBJECT_PROCEDURE: return "PROCEDURE"; case OBJECT_ROUTINE: @@ -2153,6 +2157,7 @@ stringify_adefprivs_objtype(ObjectType objtype) case OBJECT_OPCLASS: case OBJECT_OPERATOR: case OBJECT_OPFAMILY: + case OBJECT_PARAMETER_ACL: case OBJECT_POLICY: case OBJECT_PUBLICATION: case OBJECT_PUBLICATION_NAMESPACE: |