Home > mailing lists

Rework confusing permissions for LOCK TABLE - Mailing list pgsql-hackers

From	Jeff Davis
Subject	Rework confusing permissions for LOCK TABLE
Date	December 14, 2022 05:59:48
Msg-id	9550c76535404a83156252b25a11babb4792ea1e.camel@j-davis.com Whole thread Raw
Responses	Re: Rework confusing permissions for LOCK TABLE (Nathan Bossart <nathandbossart@gmail.com>)
List	pgsql-hackers

Tree view

The existing permissions for LOCK TABLE are surprising/confusing. For
instance, if you have UPDATE privileges on a table, you can lock in any
mode *except* ACCESS SHARE.

  drop table x cascade;
  drop user u1;
  create user u1;
  create table x(i int);
  grant update on x to u1;

  set session authorization u1;
  begin;
  lock table x in access exclusive mode; -- succeeds
  commit;
  begin;
  lock table x in share mode; -- succeeds
  commit;
  begin;
  lock table x in access share mode; -- fails
  commit;

I can't think of any reason for this behavior, and I didn't find an
obvious answer in the last commits to touch that (2ad36c4e44,
fa2642438f).

Patch attached to simplify it. It uses the philosophy that, if you have
permissions to lock at a given mode, you should be able to lock at
strictly less-conflicting modes as well.


--
Jeff Davis
PostgreSQL Contributor Team - AWS

Attachment

v1-0001-Rework-permissions-for-LOCK-TABLE.patch

pgsql-hackers by date:

From: Michael Paquier
Date: 14 December 2022, 05:44:14
Subject: Re: allowing for control over SET ROLE

From: Jeff Davis
Date: 14 December 2022, 06:05:10
Subject: Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX

Rework confusing permissions for LOCK TABLE - Mailing list pgsql-hackers

Attachment

Previous

Next