| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Additional role attributes && superuser review |
| Date: | 2014-10-16 12:21:53 |
| Message-ID: | 20141016122152.GT28859@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Jim,
* Jim Nasby (Jim(dot)Nasby(at)BlueTreble(dot)com) wrote:
> On 10/15/14, 12:22 AM, Stephen Frost wrote:
> > BACKUP:
> > pg_start_backup()
> > pg_stop_backup()
> > pg_switch_xlog()
> > pg_create_restore_point()
>
> It seems odd to me that this (presumably) supports PITR but not pg_dump*. I realize that most folks probably don't use pg_dump for actual backups, but I think it is very common to use it to produce schema-only (maybe with data from a few tables as well) dumps for developers. I've certainly wished I could offer that ability without going full-blown super-user.
Can you clarify what you mean by "supports PITR but not pg_dump"?
The role attribute specifically allows a user to execute those
functions. Further, yes, this capability could be given to a role which
is used by, say, barman, to backup the database, or by other backup
solutions which do filesystem backups, but what do you mean by "does not
support pg_dump"?
What I think you're getting at here is a role attribute which can read
all data, which could certainly be done (as, say, a "READONLY"
attribute), but I view that a bit differently, as it could be used for
auditing and other purposes besides just non-superuser pg_dump support.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2014-10-16 12:29:51 | Re: Additional role attributes && superuser review |
| Previous Message | Andres Freund | 2014-10-16 12:08:07 | Re: Moving of INT64_FORMAT to c.h |