Re: BUG #14456: pg_dump doesn't restore permissions on tables belonging to an extension

From: Moshe Jacobson <moshe(at)neadwerx(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: daniele(dot)varrazzo(at)gmail(dot)com, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #14456: pg_dump doesn't restore permissions on tables belonging to an extension
Date: 2017-01-12 18:49:14
Message-ID: CAJ4CxLk8iAsLVgmv2NAWNoKD3cA+pqJ0UmB9=135DsJzcfEXOg@mail.gmail.com
Lists: pgsql-bugs

Stephen, thank you for responding, but your response indicated a
misunderstanding. In lieu of a standalone example, let me explain the issue
again.

Scenario:

1. Extension is installed into its own schema. Installation is now complete.
2. Extension creates a new table in its schema
3. Extension changes ACLs on the table.
4. After changing ACLs, the table is added to the extension (ALTER EXTENSION)
5. A pg_dump of this database will now include ACL commands for the table.
6. A pg_restore of this file will give warnings because the ACLs refer to a table that is not created as part of the installation process.

Because I am setting the ACLs before adding the table to the extension, it
should not include those ACLs in the pg_dump output.

Thanks.

On Thu, Jan 12, 2017 at 1:35 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:

> Greetings,
>
> * Moshe Jacobson (moshe(at)neadwerx(dot)com) wrote:
> > My extension dynamically creates extension-owned tables and puts ACLs on
> > them.
>
> Ok, in 9.6, we should realize that your extension changed the ACLs for
> those tables.
>
> > When the database is dumped, it includes grants/revokes for those tables,
> > which will not exist when the extension is re-installed.
>
> When the database is dumped, it should include a CREATE EXTENSION
> command. It also shouldn't include GRANTs/REVOKEs unless the user
> changed the permissions on the extension's tables from what they were
> set to when the extension was installed.
>
> > As a result, when the database is restored, I keep getting warnings because
> > it's trying to apply ACLs to tables that don't exist.
> >
> > Is there a way around this issue?
>
> A self-contained test case against 9.6 which shows the issue you're
> having would really be the best way to help us.
>
> If the issue is that you're working on a pre-9.6 version of PG, then I'm
> afraid you'll need to upgrade or live with the warnings.
>
> Thanks!
>
> Stephen
>
--
Moshe Jacobson
Principal Architect, Nead Werx Inc.
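
The scenario in this message, written out as SQL together with a catalog check, as an added example that is not part of the original e-mail or of PostgreSQL's own test suite. The extension name `myext`, its schema, the table `dyn_table` and the role `report_reader` are hypothetical, and the statements are issued by hand here rather than from inside the extension's functions.

```sql
-- Assumptions (not from the thread): extension "myext" is already installed
-- in schema "myext" (step 1); all object and role names are hypothetical.
-- Requires PostgreSQL 9.6 or later, where the pg_init_privs catalog exists.

-- Steps 2-4: after installation has completed, create a table, set its ACL,
-- and only then make it a member of the extension.
CREATE ROLE report_reader NOLOGIN;
CREATE TABLE myext.dyn_table (id integer PRIMARY KEY, payload text);
GRANT SELECT ON myext.dyn_table TO report_reader;
ALTER EXTENSION myext ADD TABLE myext.dyn_table;

-- Check before running pg_dump (step 5): list extension-member tables that
-- carry an explicit ACL but have no recorded initial privileges.
-- pg_dump 9.6+ compares each extension object's ACL with
-- pg_init_privs.initprivs, so these are the tables whose GRANT/REVOKE
-- lines can appear in the dump even though CREATE EXTENSION will not
-- recreate the table at restore time (step 6).
SELECT e.extname,
       c.oid::regclass AS member_table,
       c.relacl        AS current_acl
FROM pg_depend d
JOIN pg_extension e
  ON d.refclassid = 'pg_extension'::regclass
 AND d.refobjid   = e.oid
JOIN pg_class c
  ON d.classid = 'pg_class'::regclass
 AND d.objid   = c.oid
LEFT JOIN pg_init_privs ip
  ON ip.classoid = 'pg_class'::regclass
 AND ip.objoid   = c.oid
 AND ip.objsubid = 0
WHERE d.deptype = 'e'          -- object is a member of an extension
  AND d.objsubid = 0           -- whole table, not a single column
  AND c.relkind = 'r'
  AND c.relacl IS NOT NULL     -- ACL was changed from the default
  AND ip.objoid IS NULL        -- no initial privileges were recorded
ORDER BY e.extname, member_table;
```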
