Re: Largeobject Access Controls (r2460)
Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
From: Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
To: KaiGai Kohei <kaigai@ak.jp.nec.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Jaime Casanova <jcasanov@systemguards.com.ec>, Greg Smith <greg@2ndquadrant.com>, pgsql-hackers@postgresql.org
Date: 2010-01-21T10:42:30Z
Lists: pgsql-hackers
KaiGai Kohei <kaigai@ak.jp.nec.com> wrote: > > I'm not sure whether we need to make groups for each owner of large objects. > > If I remember right, the primary issue was separating routines for dump > > BLOB ACLS from routines for BLOB COMMENTS, right? Why did you make the change? > > When --use-set-session-authorization is specified, pg_restore tries to > change database role of the current session just before creation of > database objects to be restored. > > Ownership of the database objects are recorded in the section header, > and it informs pg_restore who should be owner of the objects to be > restored in this section. > > Then, pg_restore can generate ALTER xxx OWNER TO after creation, or > SET SESSION AUTHORIZATION before creation in runtime. > So, we cannot put creation of largeobjects with different ownership > in same section. > > It is the reason why we have to group largeobjects by database user. Ah, I see. Then... What happen if we drop or rename roles who have large objects during pg_dump? Does the patch still work? It uses pg_get_userbyid(). Regards, --- Takahiro Itagaki NTT Open Source Software Center