| From: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: CREATE TABLE LIKE INCLUDING PRIVILEGES |
| Date: | 2026-06-03 13:12:54 |
| Message-ID: | CAN4CZFPK3jdzpbe6zQ8HGF+YabULsA9M+a3TvVGJXfsq8bN+Hw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hello
> Inspired by this message [1]
My interpretation of that message was not to go in this direction:
> (And no, I'd not look favorably on a response that proposes to fix
> that by adding the ability to copy ownership/permissions. There
> are probably security problems in such an idea.)
And I do see some issues in that regard with this patch:
> This functionality only works if the current user is also the owner of
> the source table.
With these changes, `INCLUDING ALL` requires ownership. I don't think
that's an acceptable breaking change? I also don't see a good way to
deal with that:
* either INCLUDING ALL doesn't include this - which would be confusing
* or it doesn't include this for non owned tables - even more confusing
* or it ignores ownership, which would be insecure
do you have a better suggestion?
There's also a privilege escalation issue in the current patch: if any
of the privileges have GRANT option, all of them will have in the new
table.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniil Davydov | 2026-06-03 13:23:20 | BUG with accessing to temporary tables of other sessions still exists |
| Previous Message | Akshay Joshi | 2026-06-03 12:58:52 | [PATCH] Add pg_get_table_ddl() to reconstruct CREATE TABLE statements |