Обсуждение: create database with template doesn't copy ACL

Поиск
Список
Период
Сортировка

create database with template doesn't copy ACL

От
PG Doc comments form
Дата:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/11/sql-createdatabase.html
Description:

My understanding is that not copying the ACL is the (currently) expected
behavior when issuing CREATE DATABASE newdb WITH TEMPLATE my_tmpl;
It would be useful for the documentation to note this caveat.

Re: create database with template doesn't copy ACL

От
Bruce Momjian
Дата:
On Fri, Jun  5, 2020 at 02:31:34PM +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
> 
> Page: https://www.postgresql.org/docs/11/sql-createdatabase.html
> Description:
> 
> My understanding is that not copying the ACL is the (currently) expected
> behavior when issuing CREATE DATABASE newdb WITH TEMPLATE my_tmpl;
> It would be useful for the documentation to note this caveat.

Uh, what ACLs are not copied?

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee

Re: create database with template doesn't copy ACL

От
Joseph Nahmias
Дата:
On Fri, Jun 12, 2020 at 05:29:51PM -0400, Bruce Momjian wrote:
> On Fri, Jun  5, 2020 at 02:31:34PM +0000, PG Doc comments form wrote:
> > The following documentation comment has been logged on the website:
> > 
> > Page: https://www.postgresql.org/docs/11/sql-createdatabase.html
> > Description:
> > 
> > My understanding is that not copying the ACL is the (currently) expected
> > behavior when issuing CREATE DATABASE newdb WITH TEMPLATE my_tmpl;
> > It would be useful for the documentation to note this caveat.
> 
> Uh, what ACLs are not copied?

The ACL on the database itself. For example:

postgres@postgres[[local]#9655]=# CREATE DATABASE acl_template WITH IS_TEMPLATE = 1;
CREATE DATABASE
postgres@postgres[[local]#9655]=# REVOKE ALL ON DATABASE acl_template FROM PUBLIC;
REVOKE
postgres@postgres[[local]#9655]=# CREATE DATABASE acl_test WITH TEMPLATE = acl_template;
CREATE DATABASE
postgres@postgres[[local]#9655]=# SELECT datname, datacl FROM pg_database WHERE datname LIKE 'acl%';
   datname    |         datacl
--------------+-------------------------
 acl_template | {postgres=CTc/postgres}
 acl_test     |
(2 rows)

Here, the ACL on the new acl_test database does NOT match the ACL on the
acl_template database upon which it is based.

Hope this helps,
--Joe