* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > Per discussion about the best approach to reduce the amount of
> > superuser-only capabilities, this patch modifies pg_dump to dump out
> > all ACLs which exist on objects in the pg_catalog schema.
>
> Um ... surely there are some of those that are installed by default?
There are a few, but not terribly many currently.
> To make this work, you'd need a way to distinguish privileges installed
> by initdb from those changed later.
To replicate whatever the current ACL is, we don't actually need to
make such a differentiation. I'm not against doing so, but the only
point of it would be to eliminate a few extra lines being dumped out
which re-run those commands that initdb runs on restore.
The downside of doing so would be having to keep track of the exact ACLs
set for every object in pg_catalog which has a non-NULL ACL at initdb
time for every version of PG that the latest version of pg_dump
supports, and making sure that any changes to those get updated in
pg_dump in addition to the relevant system_views.sql change.
That's possible, but I wasn't sure it was worth it.
Thanks!
Stephen
