On Sun, Apr 03, 2016 at 10:27:02PM -0400, Stephen Frost wrote: > * Fujii Masao (masao.fu...@gmail.com) wrote: > > Currently only superusers can call pgstattuple(). > > I started looking into this. > > If we were starting from a green field, the pg_dump dump catalog ACLs > patch would work just fine for this case. Simply remove the superuser > checks and REVOKE EXECUTE from public in the script and we're done. > > Unfortunately, we aren't, and that's where things get complicated. The > usual pg_upgrade case will, quite correctly, dump out the objects > exactly as they exist from the 9.5-or-earlier system and restore them > into the 9.6 system, however, the new .so will be installed and that .so > won't have the superuser checks in it. > > The only approach to addressing this which I can think of offhand would > be to have the new .so library check the version of the extension and, > for the 1.3 (pre-9.6) and previous versions, keep the superuser check, > but skip it for 1.4 (9.6) and later versions.
At the C level, have a pgstattuple function and a pgstattuple_v1_4 function. Let them differ only in that the former has a superuser check. Binary upgrades will use the former, and fresh CREATE EXTENSION shall use the latter. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers