Quick Links

Re: Inconsistent behavior of pg_dump/pg_restore on DEFAULT PRIVILEGES

From:	"Bossart, Nathan" <bossartn(at)amazon(dot)com>
To:	Michael Paquier <michael(at)paquier(dot)xyz>, Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>
Cc:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Neil Chen <carpenter(dot)nail(dot)cz(at)gmail(dot)com>, "Boris P(dot) Korzun" <drtr0jan(at)yandex(dot)ru>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject:	Re: Inconsistent behavior of pg_dump/pg_restore on DEFAULT PRIVILEGES
Date:	2021-10-14 16:13:52
Message-ID:	0C8283FD-5A1F-4C8E-8C93-257B10D80466@amazon.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs pgsql-hackers

On 10/14/21, 12:55 AM, "Michael Paquier" <michael(at)paquier(dot)xyz> wrote:
> 1) For DEFAULT PRIVILEGES FOR FUNCTIONS:
> -ALTER DEFAULT PRIVILEGES FOR ROLE regress_dump_test_role IN SCHEMA
> dump_test REVOKE ALL ON FUNCTIONS FROM PUBLIC;
> +ALTER DEFAULT PRIVILEGES FOR ROLE regress_dump_test_role IN SCHEMA
> dump_test GRANT ALL ON FUNCTIONS TO regress_dump_test_role;

This one looks correct to me.

> 2) For DEFAULT PRIVILEGES FOR TABLES:
> -ALTER DEFAULT PRIVILEGES FOR ROLE regress_dump_test_role IN SCHEMA
> dump_test REVOKE ALL ON TABLES FROM regress_dump_test_role;
> ALTER DEFAULT PRIVILEGES FOR ROLE regress_dump_test_role IN SCHEMA
> dump_test GRANT SELECT ON TABLES TO regress_dump_test_role;
>
> So the patch removes a REVOKE ALL ON TABLES on
> regress_dump_test_role after the addition of only the GRANT EXECUTE ON
> FUNCTIONS. That seems off. Am I missing something?

I might be missing something as well, but this one looks correct to
me, too. I suspect that REVOKE statement was generated by comparing
against the wrong default ACL and that it actually has no effect.

Nathan

In response to

Re: Inconsistent behavior of pg_dump/pg_restore on DEFAULT PRIVILEGES at 2021-10-14 07:53:24 from Michael Paquier

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Andrew Dunstan	2021-10-14 20:50:51	Re: BUG #17212: pg_amcheck fails on checking temporary relations
Previous Message	Bossart, Nathan	2021-10-14 16:02:15	Re: Inconsistent behavior of pg_dump/pg_restore on DEFAULT PRIVILEGES

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Isaac Morland	2021-10-14 16:44:37	Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Previous Message	Gilles Darold	2021-10-14 16:02:15	Re: [PATCH] Proposal for HIDDEN/INVISIBLE column