Search Postgresql Archives

Re: Privileges granted on dblink extension function do not survive database dump and restore

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 02/26/2016 07:12 AM, David G. Johnston wrote:
> pg_dump emits a "CREATE EXTENSION" statement to the dump file and then
> pg_restore executes the "CREATE EXTENSION".  None of the actual schema
> objects are dumped and thus any changes to those objects in the current
> database, including their permissions, are lost.

Exactly. As the docs say "Such a change is usually only sensible if you
concurrently make the same change in the extension's script file." So
you can edit this file:

  $(pg_config --sharedir)/extension/dblink--1.1.sql

and add your GRANT. However also be advised that the change will be lost
on a major upgrade.

An alternate might be to wrap the dblink function call with your own
security definer function. That would get dumped and reloaded. Just be
careful what you allow that function to do -- i.e. don't let it run
arbitrary queries, just one very specific one. See
http://www.postgresql.org/docs/9.5/interactive/sql-createfunction.html

HTH,

Joe

-- 
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux