Home > mailing lists

Re: [HACKERS] Ignore tablespace ACLs when ignoring schema ACLs - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [HACKERS] Ignore tablespace ACLs when ignoring schema ACLs
Date	February 5, 2017 23:46:41
Msg-id	13553.1486316801@sss.pgh.pa.us Whole thread Raw
In response to	[HACKERS] Ignore tablespace ACLs when ignoring schema ACLs (Noah Misch <noah@leadboat.com>)
Responses	Re: [HACKERS] Ignore tablespace ACLs when ignoring schema ACLs (Noah Misch <noah@leadboat.com>)
List	pgsql-hackers

Tree view

Noah Misch <noah@leadboat.com> writes:
> DefineIndex() has a check_rights argument that determines whether to perform a
> namespace ACL check.  When ALTER TABLE ALTER TYPE rebuilds an index, it sets
> that flag.  The theory goes that use of DROP INDEX and CREATE INDEX is a mere
> implementation detail of ALTER TABLE ALTER TYPE; the operation is logically like
> an alteration of the existing index.  I think the same treatment should extend
> to the tablespace ACL check, as attached.

Seems generally reasonable.

Is there any likely use-case for providing separate control flags for the
two permission checks?  That would require an API change for DefineIndex,
making this considerably more invasive, so I'm not pushing for it ---
just think it's worth asking the question before proceeding.
        regards, tom lane

pgsql-hackers by date:

From: Andrew Borodin
Date: 05 February 2017, 22:04:32
Subject: Re: [HACKERS] Review: GIN non-intrusive vacuum of posting tree

From: Tom Lane
Date: 05 February 2017, 23:51:09
Subject: Re: [HACKERS] Index corruption with CREATE INDEX CONCURRENTLY

Re: [HACKERS] Ignore tablespace ACLs when ignoring schema ACLs - Mailing list pgsql-hackers

Previous

Next