Allow non-superusers to run certain ALTER CLUSTER commands
Use case:
As an admin user I also often want to run certain administrative commands, since often I can’t directly connect to the host of CrateDB (e.g. as only ports 5432 / 4200 are accessible). Also, e.g. ALTER CLUSTER SWAP TABLE is useful if one wants to simulate a materialised view behaviour:
CREATE TABLE m_view_new AS SELECT ...;
INSERT INTO m_view SELECT ... FROM source;
ALTER CLUSTER SWAP TABLE m_view_new TO m_view;
DROP TABLE m_view_new;
Also, ALTER CLUSTER SWAP TABLE would be useful anyway for normal users.
Feature description:
Allow the following commands for non-superusers with admin rights (AL):
ALTER CLUSTER SWAP TABLE source TO target [ WITH ( expr = expr [ , ... ] ) ]
ALTER CLUSTER REROUTE RETRY FAILED
ALTER CLUSTER GC DANGLING ARTIFACTS
Other commands should still require superuser rights, e.g. decommission, as one would expect access to the hosts anyway:
ALTER CLUSTER DECOMMISSION <nodeId | nodeName>
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (7 by maintainers)
Top GitHub Comments
Any user with AL privileges (they are always on cluster level. Not to be confused with ALL)
I think crate as super user has all privileges 🤔
@BaurzhanSakhariev
Administration Language (AL)
+1 to only AL
@mfussenegger, does SWAP TABLES simply change table names so that whenever we refer to B after the swap it will just go to the former A object? I couldn’t find anything about columns/schema correspondence or validation so I don’t think data migration is happening.
I just realized that to really achieve the effect of fully swapping objects, i.e. make B look exactly like A and vice versa, one needs to drop redundant columns from B, add lacking columns from A into B (DDL on B) + DQL on A, DML on B. ==> even if we don’t need to create table B we still need DDL on B. Also, even if dropSource == false, we still need DDL on A to add/remove columns from B.
Probably it really makes sense just to keep AL - yes, users with the required D* privileges can accomplish that, but if I’m right about swap = absolute replacement then nobody would do it in such a tricky way with adding/removing columns.