On Wed, 2024-01-24 at 19:04 +0200, kaido vaikla wrote: > CREATE EXTENSION doc should be change like: > "The user who runs CREATE EXTENSION becomes the owner of the extension until first export-import" ;) Here is a patch that implements something like that. Yours, Laurenz Albe
From c09aca36b0f15728861c321c9d15be1e8195cf55 Mon Sep 17 00:00:00 2001 From: Laurenz Albe <laurenz.albe@xxxxxxxxxxx> Date: Mon, 29 Jan 2024 08:55:24 +0100 Subject: [PATCH v1] Document that pg_dump changes extension ownership After restoring a dunp, extensions will belong to the restoring user. This is no security problem, since the members of an extension will belong to a superuser no matter what. But it can be annoying for a non-superuser who installs a trusted extension and finds that she cannot drop the extension after a restore. Arguably that's a bug, and there should be a command ALTER EXTENSION ... OWNER TO that gets added to the dump, but until somebody gets to implement such a command, we had better document the current behavior. Author: Laurenz Albe Discussion: https://postgr.es/m/CA%2B427g-YecPcvrHLJjoP92gDQy199qvvKCj_OvXhR3qmeu0zRQ%40mail.gmail.com --- doc/src/sgml/ref/create_extension.sgml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/src/sgml/ref/create_extension.sgml b/doc/src/sgml/ref/create_extension.sgml index ca2b80d669..4ec34f31e2 100644 --- a/doc/src/sgml/ref/create_extension.sgml +++ b/doc/src/sgml/ref/create_extension.sgml @@ -49,7 +49,9 @@ CREATE EXTENSION [ IF NOT EXISTS ] <replaceable class="parameter">extension_name The user who runs <command>CREATE EXTENSION</command> becomes the owner of the extension for purposes of later privilege checks, and normally also becomes the owner of any objects created by the - extension's script. + extension's script. Note that the ownership of extensions is not preserved + by <command>pg_dump</command>: after restoring a dump, extensions will + belong to the user who performed the restore. </para> <para> -- 2.43.0
