Re: [HACKERS] pg_dump does not handle indirectly-granted permissionsproperly
| От | tushar |
|---|---|
| Тема | Re: [HACKERS] pg_dump does not handle indirectly-granted permissionsproperly |
| Дата | |
| Msg-id | 26a0cdd9-5283-291e-6f3d-708f251e8266@enterprisedb.com обсуждение исходный текст |
| Ответ на | [HACKERS] pg_dump does not handle indirectly-granted permissions properly (Tom Lane <tgl@sss.pgh.pa.us>) |
| Ответы |
Re: [HACKERS] pg_dump does not handle indirectly-granted permissions properly
|
| Список | pgsql-hackers |
On 07/26/2017 02:12 AM, Tom Lane wrote: > AFAICT, pg_dump has no notion that it needs to be careful about the order > in which permissions are granted. I did > > regression=# create user joe; > CREATE ROLE > regression=# create user bob; > CREATE ROLE > regression=# create user alice; > CREATE ROLE > regression=# \c - joe > You are now connected to database "regression" as user "joe". > regression=> create table joestable(f1 int); > CREATE TABLE > regression=> grant select on joestable to alice with grant option; > GRANT > regression=> \c - alice > You are now connected to database "regression" as user "alice". > regression=> grant select on joestable to bob; > GRANT > > and then pg_dump'd that. The ACL entry for joestable looks like this: > > -- > -- TOC entry 5642 (class 0 OID 0) > -- Dependencies: 606 > -- Name: joestable; Type: ACL; Schema: public; Owner: joe > -- > > SET SESSION AUTHORIZATION alice; > GRANT SELECT ON TABLE joestable TO bob; > RESET SESSION AUTHORIZATION; > GRANT SELECT ON TABLE joestable TO alice WITH GRANT OPTION; > > Unsurprisingly, that fails to restore: > > db2=# SET SESSION AUTHORIZATION alice; > SET > db2=> GRANT SELECT ON TABLE joestable TO bob; > ERROR: permission denied for relation joestable > > > I am not certain whether this is a newly introduced bug or not. > However, I tried it in 9.2-9.6, and all of them produce the > GRANTs in the right order: > > GRANT SELECT O I am also getting the same error while doing pg_upgrade from v9.6 to v10 ,although not able to reproduce v9.5->v9.6 pg_upgrade. v9.6 CREATE TABLE deptest (f1 serial primary key, f2 text); \set VERBOSITY default CREATE USER regress_dep_user0; CREATE USER regress_dep_user1; CREATE USER regress_dep_user2; SET SESSION AUTHORIZATION regress_dep_user0; REASSIGN OWNED BY regress_dep_user0 TO regress_dep_user1; REASSIGN OWNED BY regress_dep_user1 TO regress_dep_user0; CREATE TABLE deptest1 (f1 int unique); GRANT ALL ON deptest1 TO regress_dep_user1 WITH GRANT OPTION; SET SESSION AUTHORIZATION regress_dep_user1; GRANT ALL ON deptest1 TO regress_dep_user2; v10 - run pg_upgrade. -- regards,tushar EnterpriseDB https://www.enterprisedb.com/ The Enterprise PostgreSQL Company
В списке pgsql-hackers по дате отправления: