* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost <sfr...@snowman.net> writes: > > Per discussion about the best approach to reduce the amount of > > superuser-only capabilities, this patch modifies pg_dump to dump out > > all ACLs which exist on objects in the pg_catalog schema. > > Um ... surely there are some of those that are installed by default?
There are a few, but not terribly many currently. > To make this work, you'd need a way to distinguish privileges installed > by initdb from those changed later. To replicate whatever the current ACL is, we don't actually need to make such a differentiation. I'm not against doing so, but the only point of it would be to eliminate a few extra lines being dumped out which re-run those commands that initdb runs on restore. The downside of doing so would be having to keep track of the exact ACLs set for every object in pg_catalog which has a non-NULL ACL at initdb time for every version of PG that the latest version of pg_dump supports, and making sure that any changes to those get updated in pg_dump in addition to the relevant system_views.sql change. That's possible, but I wasn't sure it was worth it. Thanks! Stephen
signature.asc
Description: Digital signature
