Re: pg_restore -L reordering of the statements does not work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andres Freund <andres@xxxxxxxxxxx> writes:
> On 2023-11-14 15:42:22 -0500, Tom Lane wrote:
>> Moreover, reordering the GRANTs is no solution, because who promised that
>> the schema owner granted you any permissions?

> I'm not quite following - the schema is created in the dump, so the grant is
> part of it?

Yeah, but the GRANT will restore whatever permissions existed in the
source database.  If the restoring user isn't super, those permissions
don't necessarily grant him access.

>> I experimented with making the restoring user be a member with inherit
>> of the nosuper_N roles, and indeed I still see the failure above,
>> which makes me wonder if the ACL check is being done correctly for
>> that specific case.  The INHERIT bit ought to let it work.

> The check is for nosuper_2 to have permission on the schema

... no, it should be for the user executing the ALTER to have permission.

> ... and the check
> happens before the grant on the schema. For inherit to help, nosuper_2 would
> have to be granted membership to the presumably more privileged user doing the
> restore.

No, surely the other way?  Restoring user must be member of nosuper_2,
else the ALTER OWNER won't work either.

			regards, tom lane






[Index of Archives]     [Postgresql Home]     [Postgresql General]     [Postgresql Performance]     [Postgresql PHP]     [Postgresql Jobs]     [PHP Users]     [PHP Databases]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Forum]

  Powered by Linux