Re: role self-revocation

Greetings,

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > I'm not quite following this bit. Where would SET ROLE come into play
> > when we're talking about old dump scripts and how the commands in those
> > scripts might be interpreted by newer versions of PG..?
>
> No, the concern there is the other way around: what if you take a
> script made by newer pg_dump and try to load it into an older server
> that doesn't have the GRANTED BY option?

Wow. No, I really don't think I can agree that we need to care about
this.

> We're accustomed to saying that that doesn't work if you use a
> database feature that didn't exist in the old server, but
> privilege grants are hardly that. I don't want us to change the
> pg_dump output in such a way that the grants can't be restored at all
> to an older server, just because of a syntax choice that we could
> make backwards-compatibly instead of not-backwards-compatibly.

GRANTED BY is clearly such a feature that exists in the newer version
and doesn't exist in the older and I can't agree that we should
complicate things for ourselves and bend over backwards to try and make
it work to take a dump from a newer version of PG and make it work on
random older versions.

Folks are also able to exclude privileges from dumps if they want to.

Where do we document that we are going to put in effort to make these
kinds of things work? What other guarantees are we supposed to be
providing regarding using output from a newer pg_dump against older
servers? What about newer custom format dumps? Surely you're not
suggesting that we need to back-patch support for them to released
versions of pg_restore.

Thanks,

Stephen