Re: Extension pg_trgm, permissions and pg_dump order

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Noah Misch <noah@leadboat.com>
Cc: Michael Paquier <michael@paquier.xyz>, pgsql-bugs@lists.postgresql.org, Färber, Franz-Josef (StMUK) <Franz-Josef.Faerber@stmuk.bayern.de>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2022-06-21T17:56:16Z
Lists: pgsql-bugs, pgsql-general
On Wed, Jun 15, 2022 at 10:42:18PM -0700, Noah Misch wrote:
> -REGRESS = citext citext_utf8
> +REGRESS = create_index_acl citext citext_utf8

It's a little unfortunate that these tests are located within the citext
module, but I can't claim to have a better idea.

> +		 * Identify the opclass to use.  Use of ddl_userid is necessary due to
> +		 * ACL checks therein.  This is safe despite opclasses containing
> +		 * opaque expressions (specifically, functions), because only
> +		 * superusers can define opclasses.

It's not clear to me why the fact that only superusers can define opclasses
makes this safe.

Overall, the patch seems reasonable to me.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com



Commits

  1. CREATE INDEX: use the original userid for more ACL checks.