On Wed, Jul 13, 2016 at 5:18 AM, Stephen Frost <sfr...@snowman.net> wrote: > Attached is a patch to address this. > > After much consideration and deliberation, I went with the simpler > solution to simply dump out the database privileges based on what a new > creation of those privileges would yield, resulting in output similar to > pre-9.6. We document that template1 is allowed to be dropped/recreated, > which greatly complicates using pg_init_privs to record and produce a > delta against the initdb-time values, as we lose the connection between > pg_init_privs and the "template1" database as soon as it is dropped > (something which can't be done with objects in that catalog).
+ "(SELECT pg_catalog.array_agg(acl) FROM (SELECT pg_catalog.unnest(coalesce(datacl,pg_catalog.acldefault('d',datdba))) AS acl " + "EXCEPT SELECT pg_catalog.unnest(pg_catalog.acldefault('d',datdba))) as foo)" + "AS datacl," + "(SELECT pg_catalog.array_agg(acl) FROM (SELECT pg_catalog.unnest(pg_catalog.acldefault('d',datdba)) AS acl " + "EXCEPT SELECT pg_catalog.unnest(coalesce(datacl,pg_catalog.acldefault('d',datdba)))) as foo)" + "AS rdatacl," It took me some time to understand that those are the GRANT and REVOKE ACLs separated into two columns to get advantage of buildACLCommands.. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers