On 02/13/2017 06:04 AM, Stephen Frost wrote:
Adrian,
* Adrian Klaver (adrian.klaver@xxxxxxxxxxx) wrote:
I am following this up to the point of not understanding what
exactly changed between 9.5 and 9.6. Namely 9.5 does include the
default ACL's in the dump output and 9.6 does not.
Quite a bit in pg_dump changed, but the relevant bit here is that we now
try to include in the pg_dump output any ACLs which have been changed
from their initdb-time settings for initdb-time objects. What that
means is that if you don't change the privileges for the public schema
from what they're set to at initdb-time, then we don't dump out any ACL
commands for the public schema. That ends up being incorrect in '-c'
mode because we drop the public schema in that mode and recreate it, in
which case we need to re-implement the ACLs which existed for the public
schema at initdb-time.
Thanks for the explanation in this post and your previous one. If I am
following pg_init_privs is the initial state of objects ACLs and if that
changes then those entries are removed. So would not the general case
be, on recreating an object use the ACLs in pg_init_privs if they exist
otherwise use the ACLs as they exist wherever they go to on change away
from pg_init_privs? I gather that is what you are proposing as a special
case for the public schema. Just wondering why it should not be the
general case?
Thanks!
Stephen
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general