mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-27 08:39:28 +08:00
Add pg_checkpointer predefined role for CHECKPOINT command.
Any user with the privileges of pg_checkpointer can issue a CHECKPOINT command. Reviewed-by: Stephen Frost Discussion: https://postgr.es/m/67a1d667e8ec228b5e07f232184c80348c5d93f4.camel%40j-davis.com
This commit is contained in:
parent
b66767b56b
commit
4168a47454
@ -52,7 +52,9 @@ CHECKPOINT
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Only superusers can call <command>CHECKPOINT</command>.
|
||||
Only superusers or users with the privileges of
|
||||
the <link linkend="predefined-roles-table"><literal>pg_checkpointer</literal></link>
|
||||
role can call <command>CHECKPOINT</command>.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
@ -582,6 +582,12 @@ DROP ROLE doomed_role;
|
||||
<entry>Allow executing programs on the database server as the user the database runs as with
|
||||
COPY and other functions which allow executing a server-side program.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>pg_checkpointer</entry>
|
||||
<entry>Allow executing
|
||||
the <link linkend="sql-checkpoint"><command>CHECKPOINT</command></link>
|
||||
command.</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
@ -24,6 +24,7 @@
|
||||
#include "catalog/catalog.h"
|
||||
#include "catalog/index.h"
|
||||
#include "catalog/namespace.h"
|
||||
#include "catalog/pg_authid.h"
|
||||
#include "catalog/pg_inherits.h"
|
||||
#include "catalog/toasting.h"
|
||||
#include "commands/alter.h"
|
||||
@ -939,10 +940,10 @@ standard_ProcessUtility(PlannedStmt *pstmt,
|
||||
break;
|
||||
|
||||
case T_CheckPointStmt:
|
||||
if (!superuser())
|
||||
if (!has_privs_of_role(GetUserId(), ROLE_PG_CHECKPOINTER))
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
errmsg("must be superuser to do CHECKPOINT")));
|
||||
errmsg("must be superuser or have privileges of pg_checkpointer to do CHECKPOINT")));
|
||||
|
||||
RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_WAIT |
|
||||
(RecoveryInProgress() ? 0 : CHECKPOINT_FORCE));
|
||||
|
@ -53,6 +53,6 @@
|
||||
*/
|
||||
|
||||
/* yyyymmddN */
|
||||
#define CATALOG_VERSION_NO 202110272
|
||||
#define CATALOG_VERSION_NO 202111091
|
||||
|
||||
#endif
|
||||
|
@ -79,5 +79,10 @@
|
||||
rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f',
|
||||
rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1',
|
||||
rolpassword => '_null_', rolvaliduntil => '_null_' },
|
||||
{ oid => '4544', oid_symbol => 'ROLE_PG_CHECKPOINTER',
|
||||
rolname => 'pg_checkpointer', rolsuper => 'f', rolinherit => 't',
|
||||
rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f',
|
||||
rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1',
|
||||
rolpassword => '_null_', rolvaliduntil => '_null_' },
|
||||
|
||||
]
|
||||
|
Loading…
Reference in New Issue
Block a user