BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump - Mailing list pgsql-bugs

From jeff@pgexperts.com
Subject BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump
Date
Msg-id E1UzrOw-00065n-Mb@wrigleys.postgresql.org
Whole thread Raw
Responses Re: BUG #8315: GRANTS allowed on extension functions, but not dumped by pg_dump
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      8315
Logged by:          Jeff Frost
Email address:      jeff@pgexperts.com
PostgreSQL version: 9.2.4
Operating system:   Scientific Linux 6
Description:

Simple test case:


pgx-test:~ $ createdb permtest
pgx-test:~ $ psql permtest
psql (9.2.4)
Type "help" for help.


permtest=# create extension dblink;
CREATE EXTENSION


permtest=# create role permtestuser with login nosuperuser;


permtest=# grant EXECUTE on FUNCTION dblink(text) to permtestuser;
GRANT


pgx-test:~ $ pg_dump -s permtest | grep GRANT
GRANT ALL ON SCHEMA public TO postgres;
GRANT ALL ON SCHEMA public TO PUBLIC;


I imagine we are expecting people to write security definer wrapper
functions, but if so, we should probably not allow them to grant permissions
on extension functions (and tables?) if we aren't going to preserve them in
the dump.

pgsql-bugs by date:

Previous
From: bricklen
Date:
Subject: Re: PGSQL Bug
Next
From: bricklen
Date:
Subject: Re: PGSQL Bug