On 2011-12-12 20:53, Peter Eisentraut wrote:
> On sön, 2011-12-11 at 21:21 +0200, Peter Eisentraut wrote:
>>> * Cannot restrict access to array types. After revoking usage from the
>>> element type, the error is perhaps a bit misleading. (smallint[] vs
>>> smallint)
>>>
>>> postgres=> create table a (a int2[]);
>>> ERROR: permission denied for type smallint[]
>> OK, that error message should be improved.
> Fixing this is easy, but I'd like to look into refactoring this a bit.
> Let's ignore that for now; it's easy to do later.
My experience with ignoring things for now is not positive.
>>> * The information schema view 'attributes' has this additional condition:
>>> AND (pg_has_role(t.typowner, 'USAGE')
>>> OR has_type_privilege(t.oid, 'USAGE'));
>>>
>>> What happens is that attributes in a composite type are shown, or not,
>>> if the current user has USAGE rights. The strange thing here, is that
>>> the attribute in the type being show or not, doesn't match being able to
>>> use it (in the creation of e.g. a table).
>> Yeah, that's a bug. That should be something like
>>
>> AND (pg_has_role(c.relowner, 'USAGE')
>> OR has_type_privilege(c.reltype, 'USAGE'));
> And fix for that included.
Confirmed that this now works as expected.
I have no remarks on the other parts of the patch code.
After puzzling a bit more with the udt and usage privileges views, it is
clear that they should complement each other. That might be reflected by
adding to the 'usage_privileges' section a link back to the
'udt_privileges' section.
I have no further comments on this patch.
regards,
Yeb Havinga