Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Copy recreated object permissions on update
Tables, indexes, and sequences that are recreated as part of an update does not propagate permissions to the recreated object. This commit fixes that by saving away the permissions in `pg_class` temporarily and then copying them back into the `pg_class` table. If internal objects are created or re-created, they get the wrong initial privileges, which result in privileges not being dumped when using `pg_dump`. Save away the privileges before starting the update and restore them afterwards to make sure that the privileges are maintained over the update. For new objects, we use the initial privileges of the `chunk` metadata table, which should always have correct initial privileges. Fixes #3078
- Loading branch information
Showing
11 changed files
with
129 additions
and
32 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
-- This file and its contents are licensed under the Apache License 2.0. | ||
-- Please see the included NOTICE for copyright information and | ||
-- LICENSE-APACHE for a copy of the license. | ||
|
||
-- Catalog tables are occationally rewritten as part of updates, so | ||
-- this is to test that privileges are maintained over updates of the | ||
-- extension. We could verify that other properties (e.g., comments) | ||
-- are maintained here as well, but this is not something we use right | ||
-- now. | ||
-- | ||
-- We do not alter the privileges on _timescaledb_internal since this | ||
-- affects both internal objects and two tables that are metadata | ||
-- placed in the _timescaledb_internal schema. | ||
|
||
GRANT SELECT ON ALL TABLES IN SCHEMA _timescaledb_catalog TO tsdbadmin; | ||
GRANT SELECT ON ALL TABLES IN SCHEMA _timescaledb_config TO tsdbadmin; | ||
GRANT SELECT ON ALL SEQUENCES IN SCHEMA _timescaledb_catalog TO tsdbadmin; | ||
GRANT SELECT ON ALL SEQUENCES IN SCHEMA _timescaledb_config TO tsdbadmin; | ||
|
||
ALTER DEFAULT PRIVILEGES IN SCHEMA _timescaledb_catalog | ||
GRANT SELECT ON tables TO tsdbadmin; | ||
ALTER DEFAULT PRIVILEGES IN SCHEMA _timescaledb_config | ||
GRANT SELECT ON tables TO tsdbadmin; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,3 +3,4 @@ | |
-- LICENSE-APACHE for a copy of the license. | ||
|
||
CREATE ROLE cagg_user; | ||
CREATE USER tsdbadmin; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters