mirror of
https://github.com/postgres/postgres.git
synced 2025-07-28 23:42:10 +03:00
In pg_dump, include pg_catalog and extension ACLs, if changed
Now that all of the infrastructure exists, add in the ability to dump out the ACLs of the objects inside of pg_catalog or the ACLs for objects which are members of extensions, but only if they have been changed from their original values. The original values are tracked in pg_init_privs. When pg_dump'ing 9.6-and-above databases, we will dump out the ACLs for all objects in pg_catalog and the ACLs for all extension members, where the ACL has been changed from the original value which was set during either initdb or CREATE EXTENSION. This should not change dumps against pre-9.6 databases. Reviews by Alexander Korotkov, Jose Luis Tallon
This commit is contained in:
@ -338,6 +338,27 @@
|
||||
data; see below.)
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The extension script may set privileges on objects which are part of the
|
||||
extension via <command>GRANT</command> and <command>REVOKE</command>
|
||||
statements. The final set of privileges for each object (if any are set)
|
||||
will be stored in the
|
||||
<link linkend="catalog-pg-init-privs"><structname>pg_init_privs</structname></link>
|
||||
system catalog. When <application>pg_dump</> is used, the
|
||||
<command>CREATE EXTENSION</> command will be included in the dump, followed
|
||||
by the set of <command>GRANT</command> and <command>REVOKE</command>
|
||||
statements necessary to set the privileges on the objects to what they were
|
||||
at the time the dump was taken.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
<productname>PostgreSQL</> does not currently support extension scripts
|
||||
issuing <command>CREATE POLICY</command> or <command>SECURITY LABEL</command>
|
||||
statements. These are expected to be set after the extension has been
|
||||
created. All RLS policies and security labels on extension objects will be
|
||||
included in dumps created by <application>pg_dump</>.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The extension mechanism also has provisions for packaging modification
|
||||
scripts that adjust the definitions of the SQL objects contained in an
|
||||
|
Reference in New Issue
Block a user