Re: PROPERTY GRAPH pg_dump ACL minimization
Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>
From: Ashutosh Bapat <ashutosh.bapat.oss@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Noah Misch <noah@leadboat.com>, pgsql-hackers@postgresql.org
Date: 2026-07-01T16:21:13Z
Lists: pgsql-hackers
Attachments
- missing_propgraph_acl.patch (text/x-patch) patch
Thanks Noah for the patch and the report. On Tue, Jun 30, 2026 at 8:41 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Noah Misch <noah@leadboat.com> writes: > > Most of the patch bulk (modest as it is) exists to keep support for dumping > > from beta1. I'm not sure whether it was worth bothering. Breaking dump from > > a beta is without precedent known to me, so I just erred on the side of not > > breaking it. If we were to decide pg_dump could drop support for betas, I'd > > be fine with that. > > > This entails a catversion bump on the v19 branch. > > Those points are not unrelated. If you bump catversion then beta > testers must use pg_upgrade to get from beta1 to beta2, so you should > not drop support for dumping from beta1. > > I could agree with dropping that support after beta2, though. That'd > imply having to update via beta2 to beta3 or later, but I doubt those > hardy enough to test beta1 would have a problem with that. > Should there be two commits one which will be reverted post beta2 and one which will stay after beta2? > > If the master branch > > already has a post-branch catversion bump by then, the two catversions should > > remain distinct. I'll use yyyymmdd1 for v19 and yyyymmdd2 for master. > > Check. > > (I didn't read the patch, just responded to your commentary.) I reviewed the patch. - tblinfo[i].dacl.acldefault = pg_strdup(PQgetvalue(res, i, i_acldefault)); + /* acldefault computed below */ Rather than spacially separating the acldefault computation, can we just write a function to compute the acldefault for a given relkind and owner, and call that function here? Did you consider writing a test for the same? Other than that the patch looks good. I wondered whether we are missing special handling for PROPGRAPH at other places. I looked at other places where we handle OBJECT_SEQUENCE separately in acl related files. I discovered following missing cases 1. ExecGrant_Relation: I think we should clip the extra privileges with a warning when GRANT ... TABLE syntax is used to grant privileges on a property graph, just like sequences. To me it looks like we should prohibit GRANT ... TABLE on property graph altogether. But haven't done so to keep it in sync with sequences. The backward compatibility comment, "For backward compatibility, just ... " should not be applicable in case of property graph since we can introduce whatever behaviour we expect from GRANT ... TABLE right from the first release which introduced property graph. But I am not sure if that's the only backward compatibility we are talking about here. Those commits go more than a few decades back and commit message itself doesn't help me much. Maybe someone with a better historical perspective may help. I have also added a test scenario for a non-property graph privilege to be added using GRANT ... TABLE syntax. The second change in this function seems necessary but without it, I couldn't find a visible bug. Mostly it's masked because the privileges available on a table are a superset of privileges available on a property graph. Now that the function handles property graph separately, its prologue needs to change. I think we should mention property graph along with sequences as done in the patch OR just mention "all types of objects in pg_class." 2. pg_class_aclmask_ext(): this seems to be another omission. Probably innocuous since we will test only SELECT privileges on a property graph and ignore other default table privileges. 3. pg_default_acl: doesn't need any update since property graph is not an object listed in the types of objects for which the user is allowed to specify default permissions through pg_default_acl. All other places which handle OBJECT_SEQUENCE also handle OBJECT_PROPGRAPH. I also notice that information_schema.pg_propgraph_privileges shows only privileges of type "SELECT" so we wouldn't be able to notice a privilege type other than SELECT being granted on a property graph through information_schema. But a similar filtering exists in the view information_schema.table_privileges. So it looks intentional and I didn't touch it. -- Best Wishes, Ashutosh Bapat