Re: Bug in handling default privileges inside extension update scripts
| От | Stephen Frost |
|---|---|
| Тема | Re: Bug in handling default privileges inside extension update scripts |
| Дата | |
| Msg-id | 20210426172945.GW20766@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: Bug in handling default privileges inside extension update scripts (Mats Kindahl <mats@timescale.com>) |
| Ответы |
Re: Bug in handling default privileges inside extension update scripts
|
| Список | pgsql-bugs |
Greetings, * Mats Kindahl (mats@timescale.com) wrote: > On Thu, Apr 22, 2021 at 5:15 PM Stephen Frost <sfrost@snowman.net> wrote: > > * Mats Kindahl (mats@timescale.com) wrote: > > > * To be able to read the configuration tables, "reader" need to have > > > SELECT privileges. > > > > > > * Since the new role is added by the user and not by the extension, > > > the grants have to be dumped as well. Otherwise, a restore of the > > > data will have wrong privileges. > > > > > > * Since new configuration tables could be added by an update of the > > > extension, it is necessary to make sure that these privileges are > > > added to new tables when updating. Typically, this means changing > > > the default privileges on the schema for the configuration files. > > > > If the extension is updated, I think it's entirely reasonable to expect > > an admin to have to go in and update the relevant permissions on any new > > tables that have come into existance and, as I've said elsewhere, I > > don't think that schema-level default privs should be applied to tables > > created by extensions. Sadly, no one else seems to have an opinion > > regarding that and so there hasn't been a change in that, yet, but > > that's the source of the issue imv. > > That is a different way to solve it, but I think that is a little > unintuitive. I am actually proposing to still assign default privileges, > but not add them to initprivs, to make sure that they are treated the same > way before and after an update. Yes, I understood your suggestion, but I did, and still do, disagree with that approach- how is an admin supposed to correctly guess what permissions would be appropriate for new tables being added during an upgrade of an extension? Not to mention that extensions routinely get added to existing schemas and I don't think it's at all obvious to users that tables, functions, etc, added by an extension into a schema should get the default privileges for that schema (and that could even lead to security issues, I suspect...), not to mention that you have to wonder if the privileges installed by the extension should be applied *first*, and default privs after, or if the default privileges should be first and the extension's privileges after. As it's currently the latter, it's rather complicated as the extension has no idea what to expect the privileges on the object to be and so how can it sensibly set privileges on it..? More and more it looks clear to me that this is really just broken and we need to stop applying default privs to objects created by extensions. Thanks, Stephen
Вложения
В списке pgsql-bugs по дате отправления: