Home Explore Blog CI



postgresql
12th chunk of `doc/src/sgml/user-manag.sgml`
c10c452fb5d20569a55c4f51c265080ef04f94a96ea4959f0000000100000847
 to.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="predefined-role-pg-read-server-files" xreflabel="pg_read_server_files">
     <term><varname>pg_read_server_files</varname></term>
     <term><varname>pg_write_server_files</varname></term>
     <term><varname>pg_execute_server_program</varname></term>
     <listitem>
      <para>
       These roles are intended to allow administrators to have trusted, but
       non-superuser, roles which are able to access files and run programs on
       the database server as the user the database runs as.  They bypass all
       database-level permission checks when accessing files directly and they
       could be used to gain superuser-level access.  Therefore, great care
       should be taken when granting these roles to users.
      </para>
      <para>
       <literal>pg_read_server_files</literal> allows reading files from any
       location the database can access on the server using
       <command>COPY</command> and other file-access functions.
      </para>
      <para>
       <literal>pg_write_server_files</literal> allows writing to files in any
       location the database can access on the server using
       <command>COPY</command> and other file-access functions.
      </para>
      <para>
       <literal>pg_execute_server_program</literal> allows executing programs
       on the database server as the user the database runs as using
       <command>COPY</command> and other functions which allow executing a
       server-side program.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="predefined-role-pg-signal-autovacuum-worker" xreflabel="pg_signal_autovacuum_worker">
     <term><varname>pg_signal_autovacuum_worker</varname></term>
     <listitem>
      <para>
       <literal>pg_signal_autovacuum_worker</literal> allows signaling
       autovacuum workers to cancel the current table's vacuum or terminate its
       session.  See <xref linkend="functions-admin-signal"/>.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="predefined-role-pg-signal-backend"
Title: Predefined Roles for Server File Access and Autovacuum Management
Summary
PostgreSQL provides predefined roles, including pg_read_server_files, pg_write_server_files, and pg_execute_server_program, which allow trusted non-superuser roles to access files and run programs on the database server, as well as pg_signal_autovacuum_worker, which enables signaling autovacuum workers to cancel or terminate their sessions.