Re: BUG #13907: Restore materialized view throw permission denied

From: Kevin Grittner <kgrittn(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, marian(dot)krucina(at)gmail(dot)com, PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #13907: Restore materialized view throw permission denied
Date: 2016-07-26 16:39:21
Message-ID: CACjxUsOzazsa7mFxEXs+TU=F_zv7ZdRR86i_2OF_+ZxOYB1Yvg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

On Tue, Jul 26, 2016 at 10:13 AM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Kevin Grittner <kgrittn(at)gmail(dot)com> writes:
>> The problem we're having restoring the matview state is that not
>> all ACLs needed for *SELECT* permissions are in place in time. I
>> am not seeing the problem with self-revoke on REFRESH. What am I
>> missing?
>
> Uh ... that the owner might revoke his own SELECT privilege?

What about policies that might have changed since the latest
REFRESH before dump? How about views or functions that might have
changed? If I'm understanding what you want, the only way to get
that would be to COPY matview data the same as a table, and have a
way to load it in before locking down the matview from direct
changes. That seems to me like it would completely compromise
future ability to incrementally maintain matviews, since you could
not have any assurance that the state of a matview matched any
particular derivation from the sources, matched to a point where
changes could be played forward.

>> One other question about the patch was what I did for testing. It
>> seemed like a good idea to have dump/restore tests, but I don't see
>> how to do that without leaving a role or two lingering in the
>> cluster. Is that allowed?
>
> In make installcheck, no, it is absolutely not. I'd suggest thinking
> about testing this in the pg_dump TAP tests, instead, where we're just
> creating a private database instance.

ok

--
Kevin Grittner
EDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2016-07-26 17:32:47 Re: BUG #13907: Restore materialized view throw permission denied
Previous Message Tom Lane 2016-07-26 15:13:54 Re: BUG #13907: Restore materialized view throw permission denied