On 02/09/2016 12:47 PM, Robert Haas wrote:
> On Tue, Feb 9, 2016 at 3:28 PM, Stephen Frost <sfr...@snowman.net> wrote:
>> JD,
>>
>> * Joshua D. Drake (j...@commandprompt.com) wrote:
>>> pg_dump -U $non-super_user
>>>
>>> Should just work, period.
>>
>> That ship has sailed already, where you're running a pg_dump against
>> objects you don't own and which have RLS enabled on them.
>
> But you'll get an error rather than an incomplete dump, and you won't
> run some code that you didn't want to run. Those distinctions matter.

From the perspective of that unprivileged user, the dump is not incomplete -- it is exactly as complete as it is supposed to be.

Personally I don't buy that the current situation is a good thing. I know that the "ship has sailed" and regret not having participated in the earlier discussions, but I agree with JD here -- the unprivileged user should not have to even think about whether RLS exists, they should only see what they have been allowed to see by the privileged users (and in the context of their own objects, owners are privileged). I don't think an unprivileged user should get to decide what code runs in order to make that happen.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development