Re: [HACKERS] Change in "policy" on dump ordering? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [HACKERS] Change in "policy" on dump ordering?
Date
Msg-id 19472.1501094484@sss.pgh.pa.us
Whole thread Raw
In response to Re: [HACKERS] Change in "policy" on dump ordering?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: [HACKERS] Change in "policy" on dump ordering?
List pgsql-hackers
I thought of a quite different way that we might attack this problem,
but I'm not sure if it's worth pursuing or not.  The idea is basically
that we should get rid of the existing kluge for pushing ACLs to the end
altogether, and instead rely on dependency sorting to make things work.
This'd require some significant surgery on pg_dump, but it seems doable:

* Make ACLs have actual DumpableObject representations that participate
in the topological sort.

* Add more explicit dependencies between these objects and other ones.
For example, we'd fix the matview-permissions problem by adding
dependencies not only on the tables a matview references, but on their
ACLs.  Another case is that we'd want to ensure that a table's ACL comes
out after the table data, so as to solve the original problem that the
current behavior was meant to deal with, ie allowing restore of tables
even if they've been made read-only by revoking the owner's INSERT
privilege.  But I think that case would best be dealt with by forcing
table ACLs to be post-data objects.  (Otherwise they might come out in the
middle "data" section of a restore, which is likely to break some client
assumptions somewhere.)  Another variant of that is that table ACLs
probably need to come out after CREATE TRIGGER and foreign-key
constraints, in case an owner has revoked their own TRIGGER or REFERENCES
privilege.

This seems potentially doable, but I sure don't see it coming out small
enough to be a back-patchable fix; nor would it make things work for
existing archive files, only new dumps.  In fact, if we don't want to
break parallel restore for existing dump files, we'd probably still have
to implement the postpone-all-ACLs rule when dealing with an old dump
file.  (But maybe we could blow off that case, and just say you might have
to not use parallel restore with old dumps that contain self-revoke ACLs?)

The bigger issue is whether there's some failure case this would cause
that I'm missing altogether.  Thoughts?
        regards, tom lane



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: [HACKERS] expand_dbname in postgres_fdw
Next
From: Alvaro Herrera
Date:
Subject: Re: [HACKERS] expand_dbname in postgres_fdw