In my specific scenario it could be fixed such that e.g. pg_dump has a flag for non superuser usage.
If the flag is enabled, the dump could check if CREATE privilege is given at the end of the dump file to the correct schema and instead give the privilege after connecting to the correct database. Then my case would work.
"Wetmore, Matthew (CTR)" <Matthew.Wetmore@express-scripts.com> writes: > What about a whole new user type: > An 'Admin' account that isn't a super user, but just has dump/ elevated permissions /customizable.
[ shrug... ] Maybe, but there's a mighty lot of devils hiding in the details. Exactly what special privileges would this user type need? How would we convince ourselves (and more to the point, convince the cloud providers) that such a set of privileges is safe to give out? Poking holes in the privilege model is usually a good way to create security hazards.
