Postgres Pro
Downloads
Home   >   mailing lists

Re: table partitioning and access privileges - Mailing list pgsql-hackers

From Fujii Masao
Subject Re: table partitioning and access privileges
Date
Msg-id 0ff3cecc-20f4-4ee4-fbfc-601a6a5a9eab@oss.nttdata.com
Whole thread Raw
In response to Re: table partitioning and access privileges  (Fujii Masao <masao.fujii@oss.nttdata.com>)
Responses Re: table partitioning and access privileges  (Amit Langote <amitlangote09@gmail.com>)
List pgsql-hackers
Tree view 

On 2020/01/23 22:14, Fujii Masao wrote:
> 
> 
> On 2020/01/22 16:54, Amit Langote wrote:
>> Fujii-san,
>>
>> Thanks for taking a look.
>>
>> On Fri, Jan 10, 2020 at 10:29 AM Fujii Masao <masao.fujii@gmail.com> 
>> wrote:
>>> On Tue, Jan 7, 2020 at 5:15 PM Amit Langote <amitlangote09@gmail.com> 
>>> wrote:
>>>> I tend to agree that TRUNCATE's permission model for inheritance
>>>> should be consistent with that for the other commands.  How about the
>>>> attached patch toward that end?
>>>
>>> Thanks for the patch!
>>>
>>> The patch basically looks good to me.
>>>
>>> +GRANT SELECT (f1, fz), UPDATE (fz) ON atestc TO regress_priv_user2;
>>> +REVOKE TRUNCATE ON atestc FROM regress_priv_user2;
>>>
>>> These seem not to be necessary for the test.
>>
>> You're right.  Removed in the attached updated patch.
> 
> Thanks for updating the patch! Barring any objection,
> I will commit this fix and backport it to all supported versions.

Attached are the back-port versions of the patches.

- patch for master and v12
 
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg12-13.patch

- patch for v11
 
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg11.patch

- patch for v10
 
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg10.patch

- patch for v9.6
 
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg96.patch

- patch for v9.5 and v9.4
 
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg94-95.patch

The patch for master branch separates truncate_check_activity() into two
functions, but in v11 or before, truncate_check_activity() didn't exist and
its code was in truncate_check_rel(). So I had to write the back-port 
version
of the patch for the previous versions and separate truncate_check_rel()
into three functions, i.e., truncate_check_rel(), 
truncate_check_activity() and
truncate_check_perms().

Also the names of users that the regression test for privileges use were
different between PostgreSQL versions. This is another reason
why I had to write several back-port versions of the patches.

Regards,

-- 
Fujii Masao
NTT DATA CORPORATION
Advanced Platform Technology Group
Research and Development Headquarters
Attachment

pgsql-hackers by date:

Previous
From: Thomas Munro
Date:
Subject: Re: [PATCH] Resolve Parallel Hash Join Performance Issue
Next
From: Takashi Menjo
Date:
Subject: RE: [PoC] Non-volatile WAL buffer