Using PostgreSQL I see that the pg_dump
command (and probably other commands) requires access to 'sequences'. I understand these to just be incremental IDs that are necessary for row identification…
Why is it necessary for server roles to be granted access to sequence objects? What are the potential security problems if every role had access to all sequences of accessible schemas?
Best Answer
pg_dump
needs to dump the current position of the sequence, so that it can be restored. Otherwise, the restored sequence would start at 1 (or whatever its start value is) again and would generate duplicate keys.Granting
SELECT
on the sequence should be enough for that purpose. Then the user can see the current value, but cannot increase or reset the sequence.