On 02/13/2017 06:04 AM, Stephen Frost wrote:
> Adrian,
>
> * Adrian Klaver (adrian.klaver@aklaver.com) wrote:
>> I am following this up to the point of not understanding what
>> exactly changed between 9.5 and 9.6. Namely 9.5 does include the
>> default ACL's in the dump output and 9.6 does not.
>
> Quite a bit in pg_dump changed, but the relevant bit here is that we now
> try to include in the pg_dump output any ACLs which have been changed
> from their initdb-time settings for initdb-time objects. What that
> means is that if you don't change the privileges for the public schema
> from what they're set to at initdb-time, then we don't dump out any ACL
> commands for the public schema. That ends up being incorrect in '-c'
> mode because we drop the public schema in that mode and recreate it, in
> which case we need to re-implement the ACLs which existed for the public
> schema at initdb-time.
Thanks for the explanation in this post and your previous one. If I am
following pg_init_privs is the initial state of objects ACLs and if that
changes then those entries are removed. So would not the general case
be, on recreating an object use the ACLs in pg_init_privs if they exist
otherwise use the ACLs as they exist wherever they go to on change away
from pg_init_privs? I gather that is what you are proposing as a special
case for the public schema. Just wondering why it should not be the
general case?
>
> Thanks!
>
> Stephen
>
--
Adrian Klaver
adrian.klaver@aklaver.com
