Re: ACLs versus ALTER OWNER

Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
> I think we need a proper 'effective user' facility.

> At the moment, there's breakage if a super user creates a language, then 
> drops their superuser privs, then the dump cannot be restored.

The problem here is not with pg_dump; the problem is that dropping
privileges doesn't cascade to dropping objects that are dependent on
those privileges.  AFAICS the SQL spec requires us to be able to do
the latter.  If we're gonna invest work on fixing this, we ought to do
what the spec tells us to, not invent warts on the security model.
Tossing in expedient concepts like "effective user" is a great recipe
for creating unfixable security holes.
        regards, tom lane