Tom Lane wrote: >Hmm. This seems wrong; if the function was created by the superuser >then it should have proowner set
tothe superuser, and pg_dump looks >like it does the right thing about reconnecting as the function owner >(assuming
youused -z, which is now default but wasn't in 6.4.2...).
Ah... looking back, I see that I did not use -z.
Using -z, it works OK.
>I wonder whether we need a notion of "effective" and "real" user ID, >such as most Unix systems have. Then it'd be
possiblefor the system >to know "I may be creating objects on behalf of user X, but I really >am the superuser" and
applyprotection checks appropriately. This'd >be a much more elegant solution than \connect for pg_dump scripts,
>sincethe whole script would run in a single superuser session and just >do a SET VARIABLE or something to indicate
whichuser would be the owner >of created objects.
I definitely agree with that. It's also needed in order to restrict
password manipulation of other users' passwords to the superuser alone.
-- Vote against SPAM: http://www.politik-digital.de/spam/ ========================================
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver PGP key from public servers; key
ID32B8FAA1 ======================================== "Fear not, for I am with thee; be not dismayed,
for I am thy God. I will strengthen thee and I will help thee; yea, I will uphold thee with the right hand
ofmy righteousness." Isaiah 41:10