GRANT/REVOKE column-level privileges - Mailing list pgsql-hackers
From | kevin brintnall |
---|---|
Subject | GRANT/REVOKE column-level privileges |
Date | |
Msg-id | 20060113093732.GA7414@rufus.net Whole thread Raw |
Responses |
Re: GRANT/REVOKE column-level privileges
|
List | pgsql-hackers |
Has anyone else taken a look at this? I thought I'd play around with the system catalog and see if I couldn't put an ACL column into pg_attribute: It ended up generating the following BKI line: insert ( 1249 attacl 1034 -1 -1 18 1 -1 -1 f x i f f f t 0 _null_ ) And the ROW certainly appears to be in pg_attribute: template1=# select * from pg_attribute where attrelid=1249 and attnum=18;-[ RECORD 1 ]-+-------attrelid | 1249attname | attaclatttypid | 1034attstattarget | -1attlen | -1attnum | 18attndims | 1attcacheoff | -1atttypmod | -1attbyval | fattstorage | xattalign | iattnotnull | fatthasdef | fattisdropped | fattislocal | tattinhcount | 0 ^^^^ no attacl column though! However, the COLUMN doesn't appear to the parser: kbrint@[local]/test=# select attacl from pg_attribute;ERROR: column "attacl" does not exist ----------------------------------------------------------------- For better or worse, I tried the idea from pg_class where the attacl[] comes at the end of the CATALOG(pg_attribute): *** include/catalog/pg_attribute.h 15 Oct 2005 02:49:42 -0000 1.119 --- include/catalog/pg_attribute.h 13 Jan 2006 09:29:06 -0000 *************** *** 37,44 **** --- 37,50 ---- * * If you change the following, make sure you change the structs for * system attributesin catalog/heap.c also. * ---------------- + * This structure is actually variable-length (the last attribute is + * a POSTGRES array). Hence, sizeof(FormData_pg_attribute) does not + * necessarily match the actual length of the structure. Furthermore + * attacl may be a NULL field. Hence, you MUST use heap_getattr() + * to get the attacl field ... and don't forget to check isNull. + * ---------------- */ #define AttributeRelationId 1249 CATALOG(pg_attribute,1249) BKI_BOOTSTRAP BKI_WITHOUT_OIDS *************** *** 148,161 **** --- 154,174 ---- bool attislocal; /* Number of times inherited from direct parent relation(s) */ int4 attinhcount; + + /* + * attacl may or may not be present, see note above! + */ + aclitem attacl[1]; /* we declare this just for the catalog */ + } FormData_pg_attribute; /* * someone should figure out how to do this properly. (The problem is * the size of theC struct is not the same as the size of the tuple * because of alignment padding at the end of the struct.) + * This includes only the fixed part of the tuple (not the attacl). */ #define ATTRIBUTE_TUPLE_SIZE \ (offsetof(FormData_pg_attribute,attinhcount)+ sizeof(int4)) ----------------------------------------------------------------- What is causing the parser not to be able to see that attacl is a valid column? Have I missed something in the relcache? Or is the pg_class hack (with its relacl[] on the end of the struct) truly not going to work with pg_attribute? Ideas? -- kevin brintnall =~ <kbrint@rufus.net>
pgsql-hackers by date: