author | Jeff Davis | 2021-11-09 18:59:08 +0000 |
---|---|---|
committer | Jeff Davis | 2021-11-10 00:59:14 +0000 |
commit | 4168a4745492cd54a0ffffc271b452525ef4dc60 (patch) | |
tree | d833a8db75ef5ed29ca9229db02053dc92ba85bb | |
parent | b66767b56b1cd082f3499a7e5a21b480dd004f51 (diff) |
Add pg_checkpointer predefined role for CHECKPOINT command.
Any user with the privileges of pg_checkpointer can issue a CHECKPOINT
command.
Reviewed-by: Stephen Frost
Discussion: https://postgr.es/m/67a1d667e8ec228b5e07f232184c80348c5d93f4.camel%40j-davis.com
-rw-r--r-- | doc/src/sgml/ref/checkpoint.sgml | 4 | ||||
-rw-r--r-- | doc/src/sgml/user-manag.sgml | 6 | ||||
-rw-r--r-- | src/backend/tcop/utility.c | 5 | ||||
-rw-r--r-- | src/include/catalog/catversion.h | 2 | ||||
-rw-r--r-- | src/include/catalog/pg_authid.dat | 5 |
5 files changed, 18 insertions, 4 deletions
diff --git a/doc/src/sgml/ref/checkpoint.sgml b/doc/src/sgml/ref/checkpoint.sgml
index 2afee6d7b5..1cebc03d15 100644
--- a/doc/src/sgml/ref/checkpoint.sgml
+++ b/doc/src/sgml/ref/checkpoint.sgml
@@ -52,7 +52,9 @@ CHECKPOINT
 </para>
 <para>
- Only superusers can call <command>CHECKPOINT</command>.
+ Only superusers or users with the privileges of
+ the <link linkend="predefined-roles-table"><literal>pg_checkpointer</literal></link>
+ role can call <command>CHECKPOINT</command>.
 </para>
 </refsect1>
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index afbf67c28c..9067be1d9c 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -582,6 +582,12 @@ DROP ROLE doomed_role;
 <entry>Allow executing programs on the database server as the user the database runs as with COPY and other functions which allow executing a server-side program.</entry>
 </row>
+ <row>
+ <entry>pg_checkpointer</entry>
+ <entry>Allow executing
+ the <link linkend="sql-checkpoint"><command>CHECKPOINT</command></link>
+ command.</entry>
+ </row>
 </tbody>
 </tgroup>
 </table>
diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c
index bf085aa93b..1fbc387d47 100644
--- a/src/backend/tcop/utility.c
+++ b/src/backend/tcop/utility.c
@@ -24,6 +24,7 @@
 #include "catalog/catalog.h"
 #include "catalog/index.h"
 #include "catalog/namespace.h"
+#include "catalog/pg_authid.h"
 #include "catalog/pg_inherits.h"
 #include "catalog/toasting.h"
 #include "commands/alter.h"
@@ -939,10 +940,10 @@ standard_ProcessUtility(PlannedStmt *pstmt,
 break;
 case T_CheckPointStmt:
- if (!superuser())
+ if (!has_privs_of_role(GetUserId(), ROLE_PG_CHECKPOINTER))
 ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser to do CHECKPOINT")));
+ errmsg("must be superuser or have privileges of pg_checkpointer to do CHECKPOINT")));
 RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_WAIT | (RecoveryInProgress() ? 0 : CHECKPOINT_FORCE));
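Review bot: In the `T_CheckPointStmt` case the explicit `superuser()` test is gone, so superuser access now rests on `has_privs_of_role()` returning true for superusers, which this hunk does not show; a one-line comment above the check would make that explicit, e.g. `/* has_privs_of_role() also accepts superusers */`. The diffstat lists no regression test, so nothing pins that a role without `pg_checkpointer` is still refused with `ERRCODE_INSUFFICIENT_PRIVILEGE` or how a member with NOINHERIT is treated. Since the request is made with `CHECKPOINT_IMMEDIATE | CHECKPOINT_WAIT`, members can force checkpoint I/O on demand, which the role's documentation entry could mention so it is granted deliberately. The body of `standard_ProcessUtility` starts and ends outside the hunk.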
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 9faf017457..49e8e59129 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@
 */
 /* yyyymmddN */
-#define CATALOG_VERSION_NO 202110272
+#define CATALOG_VERSION_NO 202111091
 #endif
diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat
index 3da68016b6..9c65174f3c 100644
--- a/src/include/catalog/pg_authid.dat
+++ b/src/include/catalog/pg_authid.dat
@@ -79,5 +79,10 @@
 rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f',
 rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1',
 rolpassword => '_null_', rolvaliduntil => '_null_' },
+{ oid => '4544', oid_symbol => 'ROLE_PG_CHECKPOINTER',
+ rolname => 'pg_checkpointer', rolsuper => 'f', rolinherit => 't',
+ rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f',
+ rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1',
+ rolpassword => '_null_', rolvaliduntil => '_null_' },
 ] |