Participants
Christopher Kings-Lynne
Christopher Kings-Lynne
Tom Lane
Tom Lane
Bruce Momjian
Bruce Momjian
Attachments

No attachments in this thread

Thread Outline
#1Christopher Kings-LynneChristopher Kings-Lynne
Sep 29, 2003
#2Tom LaneTom Laneto Christopher Kings-Lynne (#1)
Sep 29, 2003
#3Bruce MomjianBruce Momjianto Tom Lane (#2)
Sep 29, 2003

pg_dump permissions problem

Started by Christopher Kings-Lynneover 22 years ago3 messages
#1Christopher Kings-Lynne
Christopher Kings-Lynne
chriskl@familyhealth.com.au

Hi guys,

My live 7.3.4 database dumps data like this:

SET SESSION AUTHORIZATION 'auadmin';

--
-- TOC entry 346 (OID 1012952)
-- Name: log_freeprofile; Type: TABLE; Schema: public; Owner: auadmin
--

CREATE TABLE log_freeprofile (
date date DEFAULT ('now'::text)::date NOT NULL,
"start" integer DEFAULT '0',
complete integer DEFAULT '0',
gotojoin integer DEFAULT '0',
payment integer DEFAULT '0',
done integer DEFAULT '0',
joined integer DEFAULT '0'
);

--
-- TOC entry 347 (OID 1012952)
-- Name: log_freeprofile; Type: ACL; Schema: public; Owner: auadmin
--

REVOKE ALL ON TABLE log_freeprofile FROM PUBLIC;
GRANT ALL ON TABLE log_freeprofile TO brett;
GRANT INSERT,SELECT,UPDATE ON TABLE log_freeprofile TO "au-php";
GRANT SELECT ON TABLE log_freeprofile TO GROUP readonly;
REVOKE ALL ON TABLE log_freeprofile FROM auadmin;

Now, loading this into 7.4beta3 gives this error:

ERROR: dependent privileges exist

When executing the REVOKE ALL line.

I think this occurs because we do all the grants as auadmin, not as the
superuser loading the file. This means that all the grants that we
grant are dependent privilegs, and hence that REVOKE line needs a
CASCADE option.

Actually, why does that line even exist!?!? Why do we need to REVOKE
ALL from the table owner??

What should we do about this?

Chris

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Christopher Kings-Lynne (#1)
Re: pg_dump permissions problem

Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:

My live 7.3.4 database dumps data like this:

REVOKE ALL ON TABLE log_freeprofile FROM PUBLIC;
GRANT ALL ON TABLE log_freeprofile TO brett;
GRANT INSERT,SELECT,UPDATE ON TABLE log_freeprofile TO "au-php";
GRANT SELECT ON TABLE log_freeprofile TO GROUP readonly;
REVOKE ALL ON TABLE log_freeprofile FROM auadmin;

Now, loading this into 7.4beta3 gives this error:
ERROR: dependent privileges exist
When executing the REVOKE ALL line.

Yeah, this is a known issue. I think Peter was off looking into solutions.
It's clearly a "must fix" item. Not sure if Bruce's open-items entry
Fix REVOKE ALL ON FUNCTION error when removing owner permissions
describes exactly the same problem or something else.

regards, tom lane

#3Bruce Momjian
Bruce Momjian
pgman@candle.pha.pa.us
In reply to: Tom Lane (#2)
Re: pg_dump permissions problem

Tom Lane wrote:

Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:

My live 7.3.4 database dumps data like this:

REVOKE ALL ON TABLE log_freeprofile FROM PUBLIC;
GRANT ALL ON TABLE log_freeprofile TO brett;
GRANT INSERT,SELECT,UPDATE ON TABLE log_freeprofile TO "au-php";
GRANT SELECT ON TABLE log_freeprofile TO GROUP readonly;
REVOKE ALL ON TABLE log_freeprofile FROM auadmin;

Now, loading this into 7.4beta3 gives this error:
ERROR: dependent privileges exist
When executing the REVOKE ALL line.

Yeah, this is a known issue. I think Peter was off looking into solutions.
It's clearly a "must fix" item. Not sure if Bruce's open-items entry
Fix REVOKE ALL ON FUNCTION error when removing owner permissions
describes exactly the same problem or something else.

Yep, that is it. It was reported as a bug by two people recently.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
← Back to Topics