Re: New patch for Column-level privileges - Mailing list pgsql-hackers

From Tom Lane
Subject Re: New patch for Column-level privileges
Date
Msg-id 26293.1231859501@sss.pgh.pa.us
Whole thread Raw
In response to Re: New patch for Column-level privileges  (Stephen Frost <sfrost@snowman.net>)
Responses Re: New patch for Column-level privileges
List pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> * KaiGai Kohei (kaigai@ak.jp.nec.com) wrote:
>> - The markColumnForSelectPriv() uses walker function internally, because
>> there is no guarantee all the entities within RangeTblEntry->joinaliasvars
>> are Var type node.

> If any of them aren't Vars, then wouldn't it be a subselect or similar,

They're either Vars or COALESCEs of two Vars (the latter only for FULL
JOIN USING join columns).  There are no other possibilities at parse
time.  It might be best to use expression_tree_walker to avoid
explicitly handling the COALESCE case, but it's probably not going to be
any shorter.

You will need recursion of some type there, since it's entirely
possible for those Vars to point to another JOIN RTE.

BTW, another corner case that I'm not sure gets handled right is
that the join columns in JOIN USING or NATURAL JOIN need to be marked
as requiring ACL_SELECT.  (Or so I'd expect anyway; I didn't run through
the SQL spec looking for chapter and verse on that.)  I forget whether
we take any shortcuts in setting up the implied join condition
expressions, but if we do then some extra code might be needed.  This
would be a good place for a regression test in any case.
        regards, tom lane


pgsql-hackers by date:

Previous
From: Gregory Stark
Date:
Subject: Re: Recovery Test Framework
Next
From: Tom Lane
Date:
Subject: Re: New patch for Column-level privileges