Re: BUG #18242: pg_dump with non-superuser from pg14 to pg15 fails on ALTER FUNCTION

Поиск
Список
Период
Сортировка
От Aksel Allas
Тема Re: BUG #18242: pg_dump with non-superuser from pg14 to pg15 fails on ALTER FUNCTION
Дата
Msg-id CABnLe_C6UbB=mSyDDGHUx3k4=hps1wmehmVmph7=1LG0catT+w@mail.gmail.com
обсуждение исходный текст
Ответ на Re: BUG #18242: pg_dump with non-superuser from pg14 to pg15 fails on ALTER FUNCTION  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-bugs
Дерево обсуждения
In my specific scenario it could be fixed such that e.g. pg_dump has a flag for non superuser usage. 

If the flag is enabled, the dump could check if CREATE privilege is given at the end of the dump file to the correct schema and instead give the privilege after connecting to the correct database. Then my case would work.

Best wishes!
Aksel


On Tue, Dec 12, 2023, 6:55 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
"Wetmore, Matthew (CTR)" <Matthew.Wetmore@express-scripts.com> writes:
> What about a whole new user type:
> An 'Admin' account that isn't a super user, but just has dump/ elevated permissions /customizable.

[ shrug... ]  Maybe, but there's a mighty lot of devils hiding in
the details.  Exactly what special privileges would this user type
need?  How would we convince ourselves (and more to the point,
convince the cloud providers) that such a set of privileges is
safe to give out?  Poking holes in the privilege model is usually
a good way to create security hazards.

BTW, please keep the list cc'd.

                        regards, tom lane

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: BUG #18244: Corruption in indexes involving whole-row expressions
Следующее
От: Daniel Gustafsson
Дата:
Сообщение: Re: BUG #18245: pg_restore accepts same output file name as input file name