Re: ExecutorCheckPerms() hook - Mailing list pgsql-hackers

From Robert Haas
Subject Re: ExecutorCheckPerms() hook
Date
Msg-id AANLkTin3PhJ-j-VJYgSa5MET7PSYGQ800MEB53mzTHl4@mail.gmail.com
Whole thread Raw
In response to Re: ExecutorCheckPerms() hook  (KaiGai Kohei <kaigai@ak.jp.nec.com>)
Responses Re: ExecutorCheckPerms() hook
List pgsql-hackers
2010/5/24 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> BTW, I guess the reason why permissions on attributes are not checked here is
> that we missed it at v8.4 development.

That's a little worrying.  Can you construct and post a test case
where this results in a user-visible failure in CVS HEAD?

> The attached patch provides a common checker function of DML, and modifies
> ExecCheckRTPerms(), CopyTo() and RI_Initial_Check() to call the checker
> function instead of individual ACL checks.

This looks pretty sane to me, although I have not done a full review.
I am disinclined to create a whole new directory for it.   I think the
new function should go in src/backend/catalog/aclchk.c and be declared
in src/include/utils/acl.h.  If that sounds reasonable to you, please
revise and post an updated patch.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company


pgsql-hackers by date:

Previous
From: Jan Wieck
Date:
Subject: Re: Specification for Trusted PLs?
Next
From: Fujii Masao
Date:
Subject: Synchronization levels in SR