| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg_dump dump catalog ACLs |
| Date: | 2016-03-01 04:00:54 |
| Message-ID: | 20160301040054.GB3127@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > Per discussion about the best approach to reduce the amount of
> > superuser-only capabilities, this patch modifies pg_dump to dump out
> > all ACLs which exist on objects in the pg_catalog schema.
>
> Um ... surely there are some of those that are installed by default?
There are a few, but not terribly many currently.
> To make this work, you'd need a way to distinguish privileges installed
> by initdb from those changed later.
To replicate whatever the current ACL is, we don't actually need to
make such a differentiation. I'm not against doing so, but the only
point of it would be to eliminate a few extra lines being dumped out
which re-run those commands that initdb runs on restore.
The downside of doing so would be having to keep track of the exact ACLs
set for every object in pg_catalog which has a non-NULL ACL at initdb
time for every version of PG that the latest version of pg_dump
supports, and making sure that any changes to those get updated in
pg_dump in addition to the relevant system_views.sql change.
That's possible, but I wasn't sure it was worth it.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-03-01 04:01:03 | Re: Improve error handling in pltcl |
| Previous Message | Tom Lane | 2016-03-01 03:53:38 | Re: pg_dump dump catalog ACLs |