Christopher Browne cbbrowne at ca.afilias.info
Thu Oct 2 07:44:57 PDT 2008
Bill Moran <wmoran at collaborativefusion.com> writes:
> I'm trying to do this:
> SELECT set_origin FROM sl_set
>
> which works fine _IF_ I have superuser privs, but I need normal users
> to be able to query the database to see if they're talking to a master
> or a slave system (I know there are other ways to do this, such as
> BEGIN; DELETE FROM replicated_table; ROLLBACK, but those methods
> generate tons of errors that flood our error management systems, and
> then require all sorts of other complexity to manage)
>
> Before I issue a GRANT to allow select rights on that table to anyone
> who tries, my questions are:
> * Is there any inherent danger in allowing SELECT on that table to
>   normal users?

I wouldn't think so; there's not much sensitivity to that data.

If you wanted to be paranoid, there, you might create a stored
function to do the determination, and define it as a SECURITY DEFINER
(e.g. - roughly equivalent to sudo).

Actually, that's not too awfully paranoid; seems like a pretty good
idea, actually.

> * Is there a better way (I looked for a stored procedure, such as
>   getlocalnodeid(), but if it exists, I'm not seeing it in the docs)

There is a function, getLocalNodeId(); it's implemented in C, so it's
not totally visible :-).

-- ----------------------------------------------------------------------
-- FUNCTION getLocalNodeId (name)
--
--	
-- ----------------------------------------------------------------------
create or replace function @NAMESPACE@.getLocalNodeId (name) returns int4
    as '$libdir/slony1_funcs', '_Slony_I_getLocalNodeId'
	language C
	security definer;
grant execute on function @NAMESPACE@.getLocalNodeId (name) to public;

comment on function @NAMESPACE@.getLocalNodeId (name) is
  'Returns the node ID of the node being serviced on the local database';
-- 
let name="cbbrowne" and tld="linuxfinances.info" in name ^ "@" ^ tld;;
http://linuxdatabases.info/info/lisp.html
A  LISP programmer  knows the  value of  everything, but  the  cost of
nothing.  -- Alan J. Perlis
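
The SECURITY DEFINER approach suggested in the reply, sketched as an added example that is not part of the original message or of Slony-I itself. Assumptions: the cluster schema is named _mycluster, sl_set has a set_id column, and is_set_origin and app_readers are hypothetical names.

```sql
-- Added example, not Slony-I's own code.
-- Assumptions: cluster schema "_mycluster", sl_set.set_id exists,
-- "app_readers" is the unprivileged role that needs the answer.
BEGIN;

-- Returns true when the local node is the origin (master) of the given set.
-- Callers get a boolean only; they never receive SELECT on sl_set.
CREATE OR REPLACE FUNCTION public.is_set_origin(p_set_id int4)
RETURNS boolean
LANGUAGE sql
STABLE
SECURITY DEFINER
-- Pin search_path so a caller cannot substitute objects from a schema
-- they control while the body runs with the owner's privileges.
SET search_path = pg_catalog, pg_temp
AS $$
    SELECT EXISTS (
        SELECT 1
          FROM _mycluster.sl_set s
         WHERE s.set_id = p_set_id
           AND s.set_origin = _mycluster.getLocalNodeId('_mycluster')
    );
$$;

-- Functions are executable by PUBLIC by default; narrow that explicitly.
REVOKE ALL ON FUNCTION public.is_set_origin(int4) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.is_set_origin(int4) TO app_readers;

COMMIT;

-- Usage by a member of app_readers:
--   SELECT public.is_set_origin(1);
```

The function owner must itself hold SELECT on sl_set; creating it as the role that owns the Slony-I schema is the simplest way to satisfy that.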