| From: | Ashutosh Bapat <ashutosh(dot)bapat(dot)oss(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Noah Misch <noah(at)leadboat(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: PROPERTY GRAPH pg_dump ACL minimization |
| Date: | 2026-07-01 16:21:13 |
| Message-ID: | CAExHW5tz+ufmneS+gYTNrYLbi=bF=D2Xp5rvr12cuLYoNn80kg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Thanks Noah for the patch and the report.
On Tue, Jun 30, 2026 at 8:41 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> Noah Misch <noah(at)leadboat(dot)com> writes:
> > Most of the patch bulk (modest as it is) exists to keep support for dumping
> > from beta1. I'm not sure whether it was worth bothering. Breaking dump from
> > a beta is without precedent known to me, so I just erred on the side of not
> > breaking it. If we were to decide pg_dump could drop support for betas, I'd
> > be fine with that.
>
> > This entails a catversion bump on the v19 branch.
>
> Those points are not unrelated. If you bump catversion then beta
> testers must use pg_upgrade to get from beta1 to beta2, so you should
> not drop support for dumping from beta1.
>
> I could agree with dropping that support after beta2, though. That'd
> imply having to update via beta2 to beta3 or later, but I doubt those
> hardy enough to test beta1 would have a problem with that.
>
Should there be two commits one which will be reverted post beta2 and
one which will stay after beta2?
> > If the master branch
> > already has a post-branch catversion bump by then, the two catversions should
> > remain distinct. I'll use yyyymmdd1 for v19 and yyyymmdd2 for master.
>
> Check.
>
> (I didn't read the patch, just responded to your commentary.)
I reviewed the patch.
- tblinfo[i].dacl.acldefault = pg_strdup(PQgetvalue(res, i, i_acldefault));
+ /* acldefault computed below */
Rather than spacially separating the acldefault computation, can we
just write a function to compute the acldefault for a given relkind
and owner, and call that function here?
Did you consider writing a test for the same?
Other than that the patch looks good.
I wondered whether we are missing special handling for PROPGRAPH at
other places. I looked at other places where we handle OBJECT_SEQUENCE
separately in acl related files. I discovered following missing cases
1. ExecGrant_Relation: I think we should clip the extra privileges
with a warning when GRANT ... TABLE syntax is used to grant privileges
on a property graph, just like sequences. To me it looks like we
should prohibit GRANT ... TABLE on property graph altogether. But
haven't done so to keep it in sync with sequences. The backward
compatibility comment, "For backward compatibility, just ... " should
not be applicable in case of property graph since we can introduce
whatever behaviour we expect from GRANT ... TABLE right from the first
release which introduced property graph. But I am not sure if that's
the only backward compatibility we are talking about here. Those
commits go more than a few decades back and commit message itself
doesn't help me much. Maybe someone with a better historical
perspective may help. I have also added a test scenario for a
non-property graph privilege to be added using GRANT ... TABLE syntax.
The second change in this function seems necessary but without it, I
couldn't find a visible bug. Mostly it's masked because the privileges
available on a table are a superset of privileges available on a
property graph.
Now that the function handles property graph separately, its prologue
needs to change. I think we should mention property graph along with
sequences as done in the patch OR just mention "all types of objects
in pg_class."
2. pg_class_aclmask_ext(): this seems to be another omission. Probably
innocuous since we will test only SELECT privileges on a property
graph and ignore other default table privileges.
3. pg_default_acl: doesn't need any update since property graph is not
an object listed in the types of objects for which the user is allowed
to specify default permissions through pg_default_acl.
All other places which handle OBJECT_SEQUENCE also handle OBJECT_PROPGRAPH.
I also notice that information_schema.pg_propgraph_privileges shows
only privileges of type "SELECT" so we wouldn't be able to notice a
privilege type other than SELECT being granted on a property graph
through information_schema. But a similar filtering exists in the view
information_schema.table_privileges. So it looks intentional and I
didn't touch it.
--
Best Wishes,
Ashutosh Bapat
| Attachment | Content-Type | Size |
|---|---|---|
| missing_propgraph_acl.patch | text/x-patch | 4.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tristan Partin | 2026-07-01 16:32:17 | Macro redefinition warning after aeb07c55fab5c17a600b77ffcdc3b71425d6a8e7 |
| Previous Message | Fujii Masao | 2026-07-01 16:08:44 | Re: Fix publisher-side sequence permission reporting |