CREATE TABLE LIKE INCLUDING PRIVILEGES
Hi,
Inspired by this message [1]/messages/by-id/546590.1771005826@sss.pgh.pa.us, introduce CREATE TABLE LIKE INCLUDING PRIVILEGES.
With this, the source table ACL stored in pg_class.relacl and
pg_attribute.attacl will now be copied to the target table.
This functionality only works if the current user is also the owner of
the source table.
Demo:
CREATE ROLE alice;
CREATE ROLE bob;
SET ROLE alice;
CREATE TABLE src (a int, b int);
GRANT INSERT ON src TO bob WITH GRANT OPTION;
CREATE TABLE dst (LIKE src INCLUDING PRIVILEGES);
SELECT relacl FROM pg_class WHERE relname = 'dst';
relacl
-------------------------------------
{alice=arwdDxtm/alice,bob=a*/alice}
Attachments:
v1-0001-CREATE-TABLE-LIKE-INCLUDING-PRIVILEGES.patchtext/x-patch; charset=US-ASCII; name=v1-0001-CREATE-TABLE-LIKE-INCLUDING-PRIVILEGES.patchDownload+419-19
Hello
Inspired by this message [1]
My interpretation of that message was not to go in this direction:
(And no, I'd not look favorably on a response that proposes to fix
that by adding the ability to copy ownership/permissions. There
are probably security problems in such an idea.)
And I do see some issues in that regard with this patch:
This functionality only works if the current user is also the owner of
the source table.
With these changes, `INCLUDING ALL` requires ownership. I don't think that's an acceptable breaking change? I also don't see a good way to deal with that:
* either INCLUDING ALL doesn't include this - which would be confusing
* or it doesn't include this for non owned tables - even more confusing
* or it ignores ownership, which would be insecure
do you have a better suggestion?
There's also a privilege escalation issue in the current patch: if any of the privileges have GRANT option, all of them will have in the new table.