Michael, * Michael Paquier (michael.paqu...@gmail.com) wrote: > On Fri, Jan 29, 2016 at 6:37 AM, Stephen Frost <sfr...@snowman.net> wrote: > > * Robert Haas (robertmh...@gmail.com) wrote: > >> On Thu, Jan 28, 2016 at 11:04 AM, Stephen Frost <sfr...@snowman.net> > wrote: > >> > Personally, I don't have any particular issue having both, but the > >> > desire was stated that it would be better to have the regular > >> > GRANT EXECUTE ON catalog_func() working before we consider having > >> > default roles for same. That moves the goal posts awful far though, if > >> > we're to stick with that and consider how we might extend the GRANT > >> > system in the future. > >> > >> I don't think it moves the goal posts all that far. Convincing > >> pg_dump to dump grants on system functions shouldn't be a crazy large > >> patch. > > > > I wasn't clear as to what I was referring to here. I've already written > > a patch to pg_dump to support grants on system objects and agree that > > it's at least reasonable. > > Is it already posted somewhere? I don't recall seeing it. Robert and Noah > have a point that this would be useful for users who would like to dump > GRANT/REVOKE rights on system functions & all, using a new option in > pg_dumpall, say --with-system-acl or --with-system-privileges.
Multiple versions were posted on this thread. I don't fault you for not finding it, this thread is a bit long in the tooth. The one I'm currently working from is: http://www.postgresql.org/message-id/attachment/38049/catalog_function_acls_v4.patch I'm going to split up the pg_dump changes and the backend changes, as they can logically go in independently (though without both, we're not moving the needle very far with regards to what administrators can do). > If at least > the three of you are agreeing here I think that we should try to move at > least toward this goal first. That seems a largely doable goal for 9.6. For > the set of default roles, there is clearly no clear consensus regarding > what each role should do or not, and under which limitation it should > operate. I'm trying to work towards a consensus on the default roles, hence the questions and discussion posed in the email you replied to. Thanks! Stephen
Description: Digital signature