GRANT/REVOKE column-level privileges - Mailing list pgsql-hackers

From kevin brintnall
Subject GRANT/REVOKE column-level privileges
Date
Msg-id 20060113093732.GA7414@rufus.net
Whole thread Raw
Responses Re: GRANT/REVOKE column-level privileges
List pgsql-hackers
Has anyone else taken a look at this?  I thought I'd play around with the
system catalog and see if I couldn't put an ACL column into pg_attribute:

It ended up generating the following BKI line:
insert ( 1249 attacl 1034 -1 -1 18 1 -1 -1 f x i f f f t 0 _null_ )

And the ROW certainly appears to be in pg_attribute:
template1=# select * from pg_attribute where attrelid=1249 and attnum=18;-[ RECORD 1 ]-+-------attrelid      |
1249attname      | attaclatttypid      | 1034attstattarget | -1attlen        | -1attnum        | 18attndims      |
1attcacheoff  | -1atttypmod     | -1attbyval      | fattstorage    | xattalign      | iattnotnull    | fatthasdef     |
fattisdropped | fattislocal    | tattinhcount   | 0
 
^^^^ no attacl column though!

However, the COLUMN doesn't appear to the parser:
kbrint@[local]/test=# select attacl from pg_attribute;ERROR:  column "attacl" does not exist

-----------------------------------------------------------------

For better or worse, I tried the idea from pg_class where the attacl[]
comes at the end of the CATALOG(pg_attribute):

*** include/catalog/pg_attribute.h      15 Oct 2005 02:49:42 -0000      1.119
--- include/catalog/pg_attribute.h      13 Jan 2006 09:29:06 -0000
***************
*** 37,44 ****
--- 37,50 ----  *  *            If you change the following, make sure you change the structs for  *            system
attributesin catalog/heap.c also.  * ----------------
 
+  *            This structure is actually variable-length (the last attribute is
+  *            a POSTGRES array).      Hence, sizeof(FormData_pg_attribute) does not
+  *            necessarily match the actual length of the structure.  Furthermore
+  *            attacl may be a NULL field.  Hence, you MUST use heap_getattr()
+  *            to get the attacl field ... and don't forget to check isNull.
+  * ----------------  */ #define AttributeRelationId  1249  CATALOG(pg_attribute,1249) BKI_BOOTSTRAP BKI_WITHOUT_OIDS
***************
*** 148,161 ****
--- 154,174 ----       bool            attislocal;        /* Number of times inherited from direct parent relation(s)
*/      int4            attinhcount;
 
+ 
+       /*
+        * attacl may or may not be present, see note above!
+        */
+       aclitem         attacl[1];              /* we declare this just for the catalog */
+  } FormData_pg_attribute;  /*  * someone should figure out how to do this properly. (The problem is  * the size of
theC struct is not the same as the size of the tuple  * because of alignment padding at the end of the struct.)
 
+  * This includes only the fixed part of the tuple (not the attacl).  */ #define ATTRIBUTE_TUPLE_SIZE \
(offsetof(FormData_pg_attribute,attinhcount)+ sizeof(int4))
 


-----------------------------------------------------------------

What is causing the parser not to be able to see that attacl is a valid
column?  Have I missed something in the relcache?  Or is the pg_class hack
(with its relacl[] on the end of the struct) truly not going to work with
pg_attribute?

Ideas?

-- kevin brintnall =~ <kbrint@rufus.net>


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: [SQL] info is a reserved word?
Next
From: Martijn van Oosterhout
Date:
Subject: Re: GRANT/REVOKE column-level privileges