Re: Largeobject Access Controls (r2460)

From: Takahiro Itagaki <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Greg Smith <greg(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Largeobject Access Controls (r2460)
Date: 2010-01-21 10:42:30
Message-ID: 20100121194229.D1AA.52131E4D@oss.ntt.co.jp
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> wrote:

> > I'm not sure whether we need to make groups for each owner of large objects.
> > If I remember right, the primary issue was separating routines for dump
> > BLOB ACLS from routines for BLOB COMMENTS, right? Why did you make the change?
>
> When --use-set-session-authorization is specified, pg_restore tries to
> change database role of the current session just before creation of
> database objects to be restored.
>
> Ownership of the database objects are recorded in the section header,
> and it informs pg_restore who should be owner of the objects to be
> restored in this section.
>
> Then, pg_restore can generate ALTER xxx OWNER TO after creation, or
> SET SESSION AUTHORIZATION before creation in runtime.
> So, we cannot put creation of largeobjects with different ownership
> in same section.
>
> It is the reason why we have to group largeobjects by database user.

Ah, I see.

Then... What happen if we drop or rename roles who have large objects
during pg_dump? Does the patch still work? It uses pg_get_userbyid().

Regards,
---
Takahiro Itagaki
NTT Open Source Software Center

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Thom Brown 2010-01-21 10:54:02 Re: 8.5 vs. 9.0
Previous Message Dave Page 2010-01-21 10:39:39 Re: 8.5 vs. 9.0