| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | pg_dump dump catalog ACLs |
| Date: | 2016-03-01 02:20:13 |
| Message-ID: | 20160301022013.GZ3127@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
All,
Per discussion about the best approach to reduce the amount of
superuser-only capabilities, this patch modifies pg_dump to dump out
all ACLs which exist on objects in the pg_catalog schema. With this
change, follow-on trivial patches will remove explicit superuser()
checks from functions and replace them with 'REVOKE EXECUTE FROM public'
commands, allowing users to then control what users are allowed to
execute those functions.
Started as a new thread to hopefully gain more interest. Will be
registered in the March commitfest shortly.
Thanks!
Stephen
| Attachment | Content-Type | Size |
|---|---|---|
| pg_dump_catalog_acls_v1.patch | text/x-diff | 81.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2016-03-01 02:28:25 | Re: [REVIEW] In-core regression tests for replication, cascading, archiving, PITR, etc. |
| Previous Message | Jim Nasby | 2016-03-01 01:56:07 | Re: dealing with extension dependencies that aren't quite 'e' |