On 03/01/2016 08:00 AM, Tom Lane wrote:
> Joe Conway <m...@joeconway.com> writes:
>> Would it be a terrible idea to add some attribute to ACLs which can be
>> used to indicate they should not be dumped (and supporting syntax)?
>
> Yes, we'd need some way to mark non-null ACLs as being "built-in
> defaults". I do not see the need to have SQL syntax supporting that
> though.

I was thinking the supporting syntax might be used by extensions, for example.

> Actually, wouldn't you need to mark individual aclitems as built-in
> or not? Consider a situation where we have some function foo() that
> by default has EXECUTE permission granted to some built-in "pg_admin"
> role. If a given installation then also grants EXECUTE to "joe",
> what you really want to have happen is for pg_dump to dump only the
> grant to "joe". Mentioning pg_admin's grant would tie the dump to
> a particular major PG version's idea of what the built-in roles are,
> which is what I'm arguing we need to avoid.

Yes, I guess it would need to be a per aclitem attribute.

> I guess this could also be addressed by having two separate aclitem[]
> columns, one that is expected to be frozen after initdb and one for
> user-added grants.

Yeah, that would work, but seems kind of ugly.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
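The foo() scenario from the message above, worked through as an added example (not code from the thread, from pg_dump, or from PostgreSQL): given the ACL as frozen after initdb and the ACL as it stands now, emit only the per-aclitem difference. It goes slightly beyond the message by also emitting REVOKE when a built-in grant has been removed. The names `parse_acl` and `dump_acl_delta`, the grantor `postgres`, and the sample ACL values are hypothetical; role names are assumed to need no quoting, and the grantor is used for matching but not reproduced in the output.

```python
import re

# Privilege letters as they appear in PostgreSQL's aclitem text form (subset).
PRIVS = {"r": "SELECT", "a": "INSERT", "w": "UPDATE", "d": "DELETE",
         "X": "EXECUTE", "U": "USAGE"}

def parse_acl(items):
    """Parse 'grantee=privs/grantor' strings into
    {(grantee, grantor): {letter: has_grant_option}}."""
    acl = {}
    for item in items:
        grantee, rest = item.split("=", 1)
        privs, grantor = rest.rsplit("/", 1)
        # An empty grantee in aclitem text means PUBLIC.
        entry = acl.setdefault((grantee or "PUBLIC", grantor), {})
        for letter, star in re.findall(r"([A-Za-z])(\*?)", privs):
            entry[letter] = entry.get(letter, False) or star == "*"
    return acl

def dump_acl_delta(obj, builtin, current):
    """Statements that turn the frozen built-in ACL into the current ACL.
    Built-in grants that are still in place produce no output at all."""
    base, now = parse_acl(builtin), parse_acl(current)
    out = []
    for key in sorted(set(base) | set(now)):
        old, new, who = base.get(key, {}), now.get(key, {}), key[0]
        for letter in sorted(set(old) | set(new)):
            priv = PRIVS[letter]
            if letter not in new:
                out.append(f"REVOKE {priv} ON {obj} FROM {who};")
            elif letter not in old:
                opt = " WITH GRANT OPTION" if new[letter] else ""
                out.append(f"GRANT {priv} ON {obj} TO {who}{opt};")
            elif new[letter] and not old[letter]:
                out.append(f"GRANT {priv} ON {obj} TO {who} WITH GRANT OPTION;")
            elif old[letter] and not new[letter]:
                out.append(f"REVOKE GRANT OPTION FOR {priv} ON {obj} FROM {who};")
    return out

# Constructed sample: the foo() scenario from the message.
BUILTIN = ["pg_admin=X/postgres"]                      # frozen after initdb
CURRENT = ["pg_admin=X/postgres", "joe=X/postgres"]    # after the site's GRANT

if __name__ == "__main__":
    print("\n".join(dump_acl_delta("FUNCTION foo()", BUILTIN, CURRENT)))
```

Because pg_admin's grant never appears in the output, the resulting dump does not depend on which built-in roles a given major version ships.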