| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jacob Champion <jchampion(at)timescale(dot)com> |
| Cc: | PostgreSQL Bugs <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: pg_dump needs SELECT privileges on irrelevant extension table |
| Date: | 2023-03-20 17:43:26 |
| Message-ID: | 954419.1679334206@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
Jacob Champion <jchampion(at)timescale(dot)com> writes:
> We have a situation where we need to revoke SELECT on a table that
> belongs to our extension, and we also need to let less privileged users
> dump the extension's external config tables.
In general, we don't expect that random minimum-privilege users can do
a database-wide pg_dump, so I'm not entirely sure that I buy that this
is a case we should cater to. Why shouldn't your dump user have enough
privilege to take this lock?
I'd be more willing to consider the proposed patch if it weren't such
a hack --- as you say, it doesn't fix the problem when the table has
policies, so it's hardly a general-purpose solution. I fear that it's
also fairly expensive: adding sub-selects to the query we must do
before we can lock any tables is not appetizing, because making that
window wider adds to the risk of deadlocks, dump failures, etc.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2023-03-20 18:23:54 | Re: pg_dump needs SELECT privileges on irrelevant extension table |
| Previous Message | Jacob Champion | 2023-03-20 16:44:24 | pg_dump needs SELECT privileges on irrelevant extension table |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2023-03-20 17:46:06 | Re: Save a few bytes in pg_attribute |
| Previous Message | Gregory Stark (as CFM) | 2023-03-20 17:40:17 | Re: [PATCH] Fix alter subscription concurrency errors |