Home > mailing lists

[sepgsql 3/3] Add db_procedure:execute permission checks - Mailing list pgsql-hackers

From	Kohei KaiGai
Subject	[sepgsql 3/3] Add db_procedure:execute permission checks
Date	January 15, 2013 23:46:54
Msg-id	CADyhKSXCQREbxZhfz-p2txu1WXpq+sVdJEF5Z71+rhyX3iV-YA@mail.gmail.com Whole thread Raw
Responses	Re: [sepgsql 3/3] Add db_procedure:execute permission checks
List	pgsql-hackers

Tree view

This patch adds sepgsql support for permission checks almost
equivalent to the existing FUNCTION EXECUTE privilege.

This feature is constructed on new OAT_FUNCTION_EXEC event
type being invoked around pg_proc_aclcheck() except for cases
when function's permissions are checked during CREATE or
ALTER commands. (Extension can handle these cases on
OAT_POST_CREATE or OAT_POST_ALTER hooks if needed.)

This patch assumes db_schema:{search} patch is applied on top.
So, please also check the patches below...
https://commitfest.postgresql.org/action/patch_view?id=1003
https://commitfest.postgresql.org/action/patch_view?id=1065

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>

Attachment

sepgsql-v9.3-function-execute-permission.v1.patch

pgsql-hackers by date:

From: Robert Haas
Date: 15 January 2013, 23:44:45
Subject: Re: count(*) of zero rows returns 1

From: Josh Berkus
Date: 15 January 2013, 23:50:22
Subject: Re: pg_ctl idempotent option

[sepgsql 3/3] Add db_procedure:execute permission checks - Mailing list pgsql-hackers

Attachment

Previous

Next