Re: Column-Level Privileges - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Column-Level Privileges
Date
Msg-id 9375.1232477570@sss.pgh.pa.us
In response to Re: Column-Level Privileges  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Column-Level Privileges  (Stephen Frost <sfrost@snowman.net>)
List pgsql-hackers
... btw, what is the reasoning behind the special cases for SELECT FOR
UPDATE in execMain.c?
    /* Check if this is SELECT-FOR-UPDATE and handle
     * accordingly. */
    if(remainingPerms & ACL_UPDATE &&
       pg_attribute_aclcheck_all(relOid, userid,
                                 ACL_UPDATE, ACLMASK_ALL) != ACLCHECK_OK)
        aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS,
                       get_rel_name(relOid));

If there actually is a need to treat SELECT FOR UPDATE specially, then
this code is quite wrong because it will also fire on a plain UPDATE
(assuming the UPDATE reads any existing column values, which it usually
would).  Offhand though I don't see why we can't just use code that is
symmetric with the SELECT case: if requiredPerms includes UPDATE but
there are no columns called out for UPDATE, then allow it if we have
UPDATE on any column.
        regards, tom lane
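
An added illustration, not code from the patch or from PostgreSQL: a small C model of the symmetric rule proposed in the message above, where a privilege with no columns called out is satisfied by holding it on any column. The RelGrants type, the bit values, the sample grants, and the treatment of table-level grants and called-out columns are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>

#define ACL_SELECT 0x1u /* constructed bit values, not PostgreSQL's */
#define ACL_UPDATE 0x2u

/* Constructed model of what one role holds on one table. */
typedef struct {
    unsigned rel_privs;        /* table-level grants */
    const unsigned *col_privs; /* column-level grants, one per column */
    size_t ncols;
} RelGrants;

/* Assumed rule for one privilege: a table-level grant suffices; otherwise
 * every column called out for it must carry it; with no columns called
 * out, holding it on any one column suffices. */
static bool check_priv(const RelGrants *g, unsigned priv,
                       const size_t *cols, size_t n)
{
    if (g->rel_privs & priv)
        return true;
    bool any = false, all = true;
    for (size_t i = 0; i < g->ncols; i++)
        any |= (g->col_privs[i] & priv) != 0;
    for (size_t i = 0; i < n; i++)
        all &= cols[i] < g->ncols && (g->col_privs[cols[i]] & priv) != 0;
    return n == 0 ? any : all;
}

/* The same rule for SELECT and UPDATE; no SELECT FOR UPDATE special case. */
bool check_query(const RelGrants *g, unsigned required,
                 const size_t *sel, size_t nsel,
                 const size_t *upd, size_t nupd)
{
    return (!(required & ACL_SELECT) || check_priv(g, ACL_SELECT, sel, nsel)) &&
           (!(required & ACL_UPDATE) || check_priv(g, ACL_UPDATE, upd, nupd));
}

/* Constructed sample: columns a, b, c; UPDATE is granted on a only. */
static const unsigned sample_cols[] = { ACL_SELECT | ACL_UPDATE, ACL_SELECT, 0 };
static const RelGrants sample = { 0, sample_cols, 3 };
static const size_t COL_A = 0, COL_B = 1;

int main(void)
{
    /* SELECT b ... FOR UPDATE (no UPDATE columns), then UPDATE SET a = b. */
    bool ok = check_query(&sample, ACL_SELECT | ACL_UPDATE, &COL_B, 1, NULL, 0) &&
              check_query(&sample, ACL_SELECT | ACL_UPDATE, &COL_B, 1, &COL_A, 1);
    return ok ? 0 : 1;
}
```

In this model a check that demanded UPDATE on all columns would reject both statements in main for the sample role, which holds UPDATE on column a only.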

