On Fri, Feb 17, 2023 at 3:38 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > Floris Van Nee <florisvan...@optiver.com> writes: > > This is as far as I can see the same case as what I reported a few years > > ago here: > > https://www.postgresql.org/message-id/flat/1574068566573.13088%40Optiver.com#488bd647ce6f5d2c92764673a7c58289 > > There was a discussion with some options, but no fix back then. > > Hmm, so Stephen was opining that the extension's objects shouldn't > have gotten these privs attached in the first place. I'm not > quite convinced about that one way or the other, but if you buy it > then maybe this situation is unreachable once we fix that. I'm > not sure though. It's still clear that we are making ACL entries > that aren't reflected in pg_shdepend, and that seems bad.
Yep. I think you have the right idea how to fix this. Making extension creation somehow not subject to the same rules about default privileges as everything else doesn't seem like either a good idea or a real fix for this problem. -- Robert Haas EDB: http://www.enterprisedb.com
