Re: Additional role attributes && superuser review

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Petr Jelinek <petr(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Additional role attributes && superuser review
Date: 2015-01-19 14:03:55
Message-ID: 20150119140354.GG3062@tamriel.snowman.net
Lists: pgsql-hackers

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> On Thu, Jan 15, 2015 at 6:03 PM, Adam Brightwell
> <adam(dot)brightwell(at)crunchydatasolutions(dot)com> wrote:
> > * ONLINE_BACKUP - allows role to perform backup operations
> > - originally proposed as BACKUP - due to concern for the use of that term
> > in relation to other potential backup related permissions this form is in
> > line with the documentation as it describes the affected backup operations
> > as being 'online backups'.
> > - applies only to the originally proposed backup functions.
>
> I'm slightly mystified as to how including the word "online" helps
> here. It's unlikely that there will be an offline_backup permission,
> because if the system is off-line, SQL-level permissions are
> irrelevant.

ONLINE does match up with what we call the pg_start/stop_backup based
backups in the documentation, at least. Also, it's intended to contrast
against pg_dump-based backups, not offline backups (which we don't
discuss at all in the docs that I can see).

Looking over the docs again a bit though, what about BACKUP_CONTROL,
following the title of 9.26.3?

Suggestions certainly welcome.

> > * LOG - allows role to rotate log files - remains broad enough to consider
> > future log related operations
>
> Maybe LOGFILE? Only because some confusion with the LOG message level
> seems possible; or confusion about whether this is a permission that
> lets you log things.

LOGFILE works for me.

Thanks!

Stephen
