Re: Additional role attributes && superuser review

On 29 January 2016 at 22:41, Stephen Frost <sfrost(at)snowman(dot)net> wrote:

> Michael,
>
> * Michael Paquier (michael(dot)paquier(at)gmail(dot)com) wrote:
> > On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost <sfrost(at)snowman(dot)net>
> wrote:
> > > * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> > >> On Thu, Jan 28, 2016 at 11:04 AM, Stephen Frost <sfrost(at)snowman(dot)net>
> > wrote:
> > >> > Personally, I don't have any particular issue having both, but the
> > >> > desire was stated that it would be better to have the regular
> > >> > GRANT EXECUTE ON catalog_func() working before we consider having
> > >> > default roles for same. That moves the goal posts awful far
> though, if
> > >> > we're to stick with that and consider how we might extend the GRANT
> > >> > system in the future.
> > >>
> > >> I don't think it moves the goal posts all that far. Convincing
> > >> pg_dump to dump grants on system functions shouldn't be a crazy large
> > >> patch.
> > >
> > > I wasn't clear as to what I was referring to here. I've already
> written
> > > a patch to pg_dump to support grants on system objects and agree that
> > > it's at least reasonable.
> >
> > Is it already posted somewhere? I don't recall seeing it. Robert and Noah
> > have a point that this would be useful for users who would like to dump
> > GRANT/REVOKE rights on system functions & all, using a new option in
> > pg_dumpall, say --with-system-acl or --with-system-privileges.
>
> Multiple versions were posted on this thread. I don't fault you for not
> finding it, this thread is a bit long in the tooth. The one I'm
> currently working from is
>
>
It strikes me that this thread would possibly benefit from a wiki page
outlining the permissions, overall concepts, etc, as it's getting awfully
hard to follow.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services