On Thu, Apr 7, 2016 at 10:45 AM, Stephen Frost <sfrost@snowman.net> wrote:
> Use GRANT system to manage access to sensitive functions
>
> Now that pg_dump will properly dump out any ACL changes made to
> functions which exist in pg_catalog, switch to using the GRANT system
> to manage access to those functions.
>
> This means removing 'if (!superuser()) ereport()' checks from the
> functions themselves and then REVOKEing EXECUTE right from 'public' for
> these functions in system_views.sql.
This commit revokes the execution privilege on pg_start_backup() from
a replication role. Doesn't this affect many systems that a replication
role is used to take a backup? This commit forces administrators of
those systems to manually grant the privilege to a replication role
when upgrading the system to 9.6.
Regards,
--
Fujii Masao