| From: | Gilles Darold <gilles(at)darold(dot)net> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: New default role- 'pg_read_all_data' |
| Date: | 2020-08-28 13:58:58 |
| Message-ID: | 6a78c0d5-d010-f2b5-198f-b35eb152f3c4@darold.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Le 28/08/2020 à 15:26, Stephen Frost a écrit :
> Greetings,
>
> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>> On Fri, Aug 28, 2020 at 2:38 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>>> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>>>> Without having actually looked at the code, definite +1 for this feature.
>>>> It's much requested...
>>> Thanks.
>>>
>>>> But, should we also have a pg_write_all_data to go along with it?
>>> Perhaps, but could certainly be a different patch, and it'd need to be
>>> better defined, it seems to me... read_all is pretty straight-forward
>>> (the general goal being "make pg_dumpall/pg_dump work"), what would
>>> write mean? INSERT? DELETE? TRUNCATE? ALTER TABLE? System catalogs?
>> Well, it's pg_write_all_*data*, so it certainly wouldn't be alter table or
>> system catalogs.
>>
>> I'd say insert/update/delete yes.
>>
>> TRUNCATE is always an outlier.Given it's generally classified as DDL, I
>> wouldn't include it.
> Alright, that seems like it'd be pretty easy. We already have a check
> in pg_class_aclmask to disallow modification of system catalogs w/o
> being a superuser, so we should be alright to add a similar check for
> insert/update/delete just below where I added the SELECT check.
>
>>> Doesn't seem like you could just declare it to be 'allow pg_restore'
>>> either, as that might include creating untrusted functions, et al.
>> No definitely not. That wouldn't be the usecase at all :)
> Good. :)
>
>> (and fwiw to me the main use case for read_all_data also isn't pg_dump,
>> because most people using pg_dump are already db owner or higher in my
>> experience. But it is nice that it helps with that too)
> Glad to have confirmation that there's other use-cases this helps with.
>
> I'll post an updated patch with that added in a day or two.
>
> Thanks,
>
> Stephen
Hi,
Looking at this thread I was thinking about the FDW. Does role
pg_read_all_data will allow to execute pg_dump with
--include-foreign-data option? If this is the case how about priviledge
on fdw and foreign server? If this is the behavior we want I guess that
the modification should be applied to pg_foreign_data_wrapper_aclmask()
and pg_foreign_server_aclmask() too.
Best regards,
--
Gilles Darold
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ranier Vilela | 2020-08-28 14:05:50 | Re: Please help for error ( file <libxml/parser.h> is required for XML support ) |
| Previous Message | Robert Haas | 2020-08-28 13:58:43 | Re: new heapcheck contrib module |