migra icon indicating copy to clipboard operation
migra copied to clipboard

Published 20 hours ago verified publisher icon djrobstep

View owner not tracked

Open ruslantalpa opened this issue 3 years ago • 8 comments

@djrobstep thank you for migra

Although this might be a more general issue (relations owners not being tracked), i noticed this when diffing two views that had a specific owner set. The resulting DDL is of a drop view/create view however the "correct" owner is not restored.

For an idea of why this might be useful (specific view owner), when working with RLS and Views, in order for an RLS policy to kick in when going through a view, the view must be owned by a non super user role. This is useful in setups with PostgREST and PostGraphile.

Thank you

ruslantalpa avatar Dec 03 '20 08:12 ruslantalpa

@ruslantalpa Just checking, did you use the --with-privileges argument? I understand you're talking about ownership which is different to privileges, but I thought it prudent to check.

tysonclugg avatar Sep 01 '21 06:09 tysonclugg

@tysonclugg sorry for late reply, i did not use --with-privileges since that is about something else. I ended up using migra without privileges and having those in a separate file that "resets" everything after each transaction.

ruslantalpa avatar Sep 21 '21 08:09 ruslantalpa

@ruslantalpa Alternatively you may take a look at pgAdmin Schema Diff described here

(Although from my experience Migra gives usually better result)

karolzlot avatar Oct 05 '21 23:10 karolzlot

So does --with-privileges fix this ?

benjamin-kirkbride avatar Jul 13 '22 22:07 benjamin-kirkbride

In my experience no, migra-3.0.1658662267 is not picking up on ownership changes, even when I use --with-privileges.

bmillwood avatar Aug 25 '22 15:08 bmillwood

Seems that this is a pretty deciding factor between pgAdmin Schema Diff and Migra, is this scheduled for an upcoming release?

loekj avatar Oct 14 '22 11:10 loekj

@loekj Yes, that's true, although pgAdmin schema diff has its own issues: https://github.com/djrobstep/migra/issues/189#issuecomment-947850713

I hope the decision is to improve Migra, not replace its engine with subpar engine from pgAdmin.

karolzlot avatar Nov 29 '22 05:11 karolzlot

I am seeing two critical (from a security perspective) issues where migra misses view privileges (even with the --with-privileges flag):

  1. Views with WITH ( security_invoker = TRUE) generate migrations without this flag. This makes it too easy to generate a migration to update a view that ends up dropping and recreating the view with open access.
  2. GRANT and REVOKE on views are not generated.

KrisBraun avatar Sep 01 '23 16:09 KrisBraun