Should SET ROLE inherit config params?
All,
I was just noticing that doing SET ROLE changes the current session's
priviledges, but not any runtime configuration parameters (like work_mem
or statement_timeout) associated with the new role.
This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.
--Josh
On Wed, Mar 11, 2009 at 9:45 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.Sounds good to me, but you may want to explore what problems that might
cause so we can avoid screwing up. Perhaps it could be an option?
Well for one thing pg_dump uses SET ROLE extensively and it sets
parameters assuming they'll stay set
--
greg
Import Notes
Reply to msg id not found: 1236807900.28644.211.camel@ebony.2ndQuadrant
On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
I was just noticing that doing SET ROLE changes the current session's
priviledges, but not any runtime configuration parameters (like work_mem
or statement_timeout) associated with the new role.This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.
Sounds good to me, but you may want to explore what problems that might
cause so we can avoid screwing up. Perhaps it could be an option?
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
--On Mittwoch, März 11, 2009 21:45:00 +0000 Simon Riggs
<simon@2ndQuadrant.com> wrote:
This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.Sounds good to me, but you may want to explore what problems that might
cause so we can avoid screwing up. Perhaps it could be an option?
I had exactly the same intention yesterday. Maybe something along the line
of su - is what we want, thus expanding such a functionality with an
optional argument to SET ROLE.
--
Thanks
Bernd
Greg Stark <stark@enterprisedb.com> writes:
On Wed, Mar 11, 2009 at 9:45 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? �I for one would like SET ROLE to change
runtime configs.
Well for one thing pg_dump uses SET ROLE extensively and it sets
parameters assuming they'll stay set
I think this is going to make the already-tricky semantics of GUC
variables completely impossible. Per-user settings normally establish
the session's RESET values of the variables and can be overridden (for
the session or just for a transaction) by explicit SET. If the latter
remains true it'd fix Greg's concern about pg_dump, but it's just
mind-bending to think about what RESET means if we try to put this in.
Assume we've done ALTER ROLE SET foo = something for our login
role and ALTER ROLE x SET foo = somethingelse:
start psql
-- foo = something, presumably
SET foo = other;
SET ROLE x;
-- foo still = other, presumably
RESET foo; -- now what is foo?
(if your answer is "somethingelse", justify this in terms of the
documented behavior of RESET: restore to the session-start value.)
RESET ROLE; -- now what is foo?
(ie, does this action in itself change foo, and if so why?)
Also, with all the whining I've seen in the past few days about not
making application-breaking incompatible changes, it would seem
appropriate to have a GUC to control whether we have this behavior or
the old one. Discuss the implications of changing such a GUC partway
through this sequence. For extra credit, explain what would happen if
it were set via ALTER ROLE SET for one role or the other.
In short: -1 from me.
regards, tom lane
On Wed, Mar 11, 2009 at 9:21 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Greg Stark <stark@enterprisedb.com> writes:
On Wed, Mar 11, 2009 at 9:45 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.Well for one thing pg_dump uses SET ROLE extensively and it sets
parameters assuming they'll stay setI think this is going to make the already-tricky semantics of GUC
variables completely impossible. Per-user settings normally establish
the session's RESET values of the variables and can be overridden (for
the session or just for a transaction) by explicit SET. If the latter
remains true it'd fix Greg's concern about pg_dump, but it's just
mind-bending to think about what RESET means if we try to put this in.
Assume we've done ALTER ROLE SET foo = something for our login
role and ALTER ROLE x SET foo = somethingelse:start psql
-- foo = something, presumably
SET foo = other;
SET ROLE x;
-- foo still = other, presumably
RESET foo; -- now what is foo?
(if your answer is "somethingelse", justify this in terms of the
documented behavior of RESET: restore to the session-start value.)RESET ROLE; -- now what is foo?
(ie, does this action in itself change foo, and if so why?)
Also, with all the whining I've seen in the past few days about not
making application-breaking incompatible changes, it would seem
appropriate to have a GUC to control whether we have this behavior or
the old one. Discuss the implications of changing such a GUC partway
through this sequence. For extra credit, explain what would happen if
it were set via ALTER ROLE SET for one role or the other.In short: -1 from me.
Maybe it would make more sense to have some option to SET ROLE or some
separate command that resets all configuration parameters to the
values that they would have had, if you had only logged in as that
other user originally. I thought "RESET ALL" might do this, but it
seems not.
...Robert
Tom,
Discuss the implications of changing such a GUC partway
through this sequence. For extra credit, explain what would happen if
it were set via ALTER ROLE SET for one role or the other.In short: -1 from me.
Heh. That's your best rejection yet. Someday I'll print out all the
rejection e-mails from you and wallpaper my office. ;-)
I guess what I'm really hoping to do is to hack ROLEs into a primitive
resource management tool. Maybe this is the wrong approach, but we need
*something* in this vein, and from an application development perspective
combining permissions, connections and resource allocation via ROLES makes a
lot of sense. The SET ROLE issue comes in pretty much for login management.
--
Josh Berkus
PostgreSQL
San Francisco
On Thu, 2009-03-12 at 08:26 -0700, Josh Berkus wrote:
Tom,
Discuss the implications of changing such a GUC partway
through this sequence. For extra credit, explain what would happen if
it were set via ALTER ROLE SET for one role or the other.In short: -1 from me.
Heh. That's your best rejection yet. Someday I'll print out all the
rejection e-mails from you and wallpaper my office. ;-)
Josh, this isn't a rejection. Both Tom and I asked for more exploration
of the implications of doing as you suggest. Tom has been more helpful
than I was in providing some scenarios that would cause problems. It is
up to you to solve the problems, which is often possible.
I can't vouch for your taste in wallpaper, but this doesn't deserve a
place in your collection...
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
Josh, this isn't a rejection. Both Tom and I asked for more exploration
of the implications of doing as you suggest. Tom has been more helpful
than I was in providing some scenarios that would cause problems. It is
up to you to solve the problems, which is often possible.
OK, well, barring the context issues, what do people think of the idea?
What I was thinking was that this would be a setting on the SET ROLE
statement, such as:
SET ROLE special WITH SETTINGS
... or similar; I'd need to find an existing keyword which works.
I think this bypasses a lot of the issues which Tom raises, but I'd want
to think about the various permutations some more.
--Josh
On Thursday 12 March 2009 21:39:54 Josh Berkus wrote:
Josh, this isn't a rejection. Both Tom and I asked for more exploration
of the implications of doing as you suggest. Tom has been more helpful
than I was in providing some scenarios that would cause problems. It is
up to you to solve the problems, which is often possible.OK, well, barring the context issues, what do people think of the idea?
What I was thinking was that this would be a setting on the SET ROLE
statement, such as:SET ROLE special WITH SETTINGS
... or similar; I'd need to find an existing keyword which works.
I think this bypasses a lot of the issues which Tom raises, but I'd want
to think about the various permutations some more.
How bad of an idea would it be to split set session authorization to be
privilege specific, and set role to focus on configiuration?
--
Robert Treat
Conjecture: http://www.xzilla.net
Consulting: http://www.omniti.com
On Fri, Mar 13, 2009 at 2:39 AM, Josh Berkus <josh@agliodbs.com> wrote:
SET ROLE special WITH SETTINGS
... or similar; I'd need to find an existing keyword which works.
Perhaps something like "SET ROLE special NEW SESSION;".
It solves a problem mentioned by Tom as it's very clear that it's a
new session so when you reset the settings to what they were at
session start, you take the default settings of special.
--
Guillaume
Guillaume Smet <guillaume.smet@gmail.com> writes:
On Fri, Mar 13, 2009 at 2:39 AM, Josh Berkus <josh@agliodbs.com> wrote:
SET ROLE special WITH SETTINGS
... or similar; I'd need to find an existing keyword which works.
Perhaps something like "SET ROLE special NEW SESSION;".
It solves a problem mentioned by Tom as it's very clear that it's a
new session so when you reset the settings to what they were at
session start, you take the default settings of special.
So this is just syntactic sugar for
SET ROLE;
RESET ALL;
Or is it more or less?
--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's RemoteDBA services!
Gregory Stark wrote:
Guillaume Smet <guillaume.smet@gmail.com> writes:
On Fri, Mar 13, 2009 at 2:39 AM, Josh Berkus <josh@agliodbs.com> wrote:
SET ROLE special WITH SETTINGS
... or similar; I'd need to find an existing keyword which works.
Perhaps something like "SET ROLE special NEW SESSION;".
It solves a problem mentioned by Tom as it's very clear that it's a
new session so when you reset the settings to what they were at
session start, you take the default settings of special.So this is just syntactic sugar for
SET ROLE;
RESET ALL;Or is it more or less?
No, actually, since RESET ALL does not adopt the config settings of your
current group role, but only the login role you logged in with, e.g.:
postgres=# alter role manson set work_mem = '1MB';
ALTER ROLE
postgres=# \c - charles
You are now connected to database "postgres" as user "charles".
postgres=> show work_mem;
work_mem
----------
2MB
(1 row)
postgres=> set role manson;
SET
postgres=> reset all;
RESET
postgres=> show work_mem;
work_mem
----------
2MB
I'd like to have that 2nd work_mem call to show "manson's" work_mem, or 1MB.
What I want to be able to do is to set different bunches of resource
management settings for various non-login inherited roles, and be able
to choose profiles via a SET ROLE. The reason to do this, btw, instead
of defining various login roles, is that different login roles can't
share the same connection pool.
--Josh
Josh Berkus <josh@agliodbs.com> writes:
What I want to be able to do is to set different bunches of resource
management settings for various non-login inherited roles, and be able
to choose profiles via a SET ROLE. The reason to do this, btw, instead
of defining various login roles, is that different login roles can't
share the same connection pool.
The question is why this should be tied to SET ROLE, which already has
well defined semantics that don't include any such behavior.
regards, tom lane
Tom Lane wrote:
Josh Berkus <josh@agliodbs.com> writes:
What I want to be able to do is to set different bunches of resource
management settings for various non-login inherited roles, and be able
to choose profiles via a SET ROLE. The reason to do this, btw, instead
of defining various login roles, is that different login roles can't
share the same connection pool.The question is why this should be tied to SET ROLE, which already has
well defined semantics that don't include any such behavior.
Mostly because we don't have anywhere else to hang a "settings profile"
than ROLEs. And currently, we can define settings with roles; the fact
that those settings materially only apply to login roles and not to
non-login roles could even be seen as inconsistent.
--Josh
Josh Berkus <josh@agliodbs.com> writes:
Tom Lane wrote:
The question is why this should be tied to SET ROLE, which already has
well defined semantics that don't include any such behavior.
Mostly because we don't have anywhere else to hang a "settings profile"
than ROLEs.
So we should fix that, if we want a feature like this.
And currently, we can define settings with roles; the fact
that those settings materially only apply to login roles and not to
non-login roles could even be seen as inconsistent.
[ shrug... ] The behavior of SET ROLE is defined by the standard. The
behavior at login is not.
regards, tom lane
On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
I was just noticing that doing SET ROLE changes the current session's
priviledges, but not any runtime configuration parameters (like work_mem
or statement_timeout) associated with the new role.This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.
Thinking some more about the requirements for this and various
objections.
I'm guessing that there's a small cluster of parameters you want to
alter using this. It seems easier to think about those parameters and to
look at ways of managing those. Perhaps what we need is not parameters
on roles, but a related concept: profiles.
Profiles define the limits and priorities given to certain categories of
work. So one profile might be work_mem = 128M and constraint_exclusion =
on, others could differ. If we invent a new concept, we get to define
the semantics from scratch. Maybe RESET doesn't work with profiles,
maybe you can't change user parameters set by a profile, maybe they
allow you to define maximum values. Maybe. Maybe. Nice clear
distinction: roles manage privileges, profiles manage
resources/optimisation.
The main reason for abstraction is that we can avoid hardcoding resource
management data into applications, so that when we upgrade we don't need
to retune or re-arrange everything.
8.5 obviously. But if some time is given to a coherent design that
focuses on what we actually want rather than on a specific solution, we
may find there is a neat way to do this without breaking anything.
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
On Fri, Mar 27, 2009 at 4:04 AM, Simon Riggs <simon@2ndquadrant.com> wrote:
On Wed, 2009-03-11 at 14:27 -0700, Josh Berkus wrote:
I was just noticing that doing SET ROLE changes the current session's
priviledges, but not any runtime configuration parameters (like work_mem
or statement_timeout) associated with the new role.This is as documented (although I want to add a line to SET ROLE docs)
but is it the behavior we want? I for one would like SET ROLE to change
runtime configs.Thinking some more about the requirements for this and various
objections.I'm guessing that there's a small cluster of parameters you want to
alter using this. It seems easier to think about those parameters and to
look at ways of managing those. Perhaps what we need is not parameters
on roles, but a related concept: profiles.
I think this is way over-engineered. All we really need here is a
command along the lines of RESET ALL AS CURRENT USER that gives every
GUC the value it would have had if you logged in under the current
user's account. Simple, clean, no new keywords.
...Robert
Robert Haas <robertmhaas@gmail.com> writes:
I think this is way over-engineered. All we really need here is a
command along the lines of RESET ALL AS CURRENT USER that gives every
GUC the value it would have had if you logged in under the current
user's account. Simple, clean, no new keywords.
Doesn't do anything for autovacuum though...
BTW, does pg_dumpall know to dump ALTER USER SET settings attached
to built-in roles (such as the proposed "autovacuum" role)? I'd bet
it doesn't do that. Even if it does, that seems like a more awkward
way to push settings over to a new installation than copying your
postgresql.conf file.
Simon's idea of "profiles" sounds worth pursuing to me, but clearly
it's not happening for 8.4.
regards, tom lane
Tom,
BTW, does pg_dumpall know to dump ALTER USER SET settings attached
to built-in roles (such as the proposed "autovacuum" role)? I'd bet
it doesn't do that. Even if it does, that seems like a more awkward
way to push settings over to a new installation than copying your
postgresql.conf file.Simon's idea of "profiles" sounds worth pursuing to me, but clearly
it's not happening for 8.4.
I don't see why having a *separate* concept of profiles in addition to
the ROLES is helpful. It seems like building a whole new house when all
we really need is to expand the garage.
--Josh