Re: BUG #14456: pg_dump doesn't restore permissions on tables belonging to an extension

Tom, Moshe,

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> >> Hmm. There's an argument to be made that ALTER EXTENSION ADD should
> >> absorb whatever the object's current ACLs are into the pg_init_privs
> >> entries for the extension. (I don't think it does that now, though
> >> I might be wrong.) However ...
>
> > I've not gone and looked yet, but I doubt that it does. I think I can
> > agree with the argument that it really should add those ACLs to
> > pg_init_privs. Of course, any furhter manipulation of the ACLs from
> > that point will cause those ACLs to be included in the pg_dump.
>
> > I'll take a look at ALTER EXTENSION ADD and pg_init_privs.
>
> By the same token, does ALTER EXTENSION DROP remove those entries?

Please find attached a WIP patch to have ALTER EXTENSION ADD/DROP update
pg_init_privs accordingly.

It's a bit big as it needs to have independent code for every different
kind of object that ALTER EXTENSION ADD/DROP supports. Most of that
code is pretty boiler-plate, of course.

I'm planning to review it further, add more regression tests, and then
back-patch it to 9.6.

Moshe, if you're feeling adventurous and want to give it a spin and make
sure it behaves as you're expecting, that'd be great.

Tom, your thoughts and comments are always welcome, if you'd like to
peruse the patch, of course.

Otherwise, I expect to have time to wrap this all up over the weekend.

Thanks!

Stephen