Re: alter user/role CURRENT_USER - Mailing list pgsql-hackers
| From | Rushabh Lathia |
|---|---|
| Subject | Re: alter user/role CURRENT_USER |
| Date | |
| Msg-id | CAGPqQf2COCK-2n2VA8aHqyEOTebqqFUVuEHFriVowpsaxGZ=FA@mail.gmail.com Whole thread Raw |
| In response to | Re: alter user/role CURRENT_USER (Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp>) |
| Responses |
Re: alter user/role CURRENT_USER
|
| List | pgsql-hackers |
<div dir="ltr">Thanks Kyotaro,<br /><br />I just did quickly looked at the patch and it does cover more syntax then<br />earlierpatch. But still if doesn't not cover the all the part of syntax where<br />we can use CURRENT_USER/CURRENT_ROLE/USER/SESSION_USER.For example:<br /><br />-- Not working<br />alter default privileges for rolecurrent_user grant SELECT ON TABLES TO current_user ;<br /><br />-- Not working<br />grant user1 TO current_user;<br/><br />Their might few more syntax like this.<br /><br />I understand that patch is sightly getting biggerand complex then what it was<br />originally proposed. Before going back to more review on latest patch I would<br/>like to understand the requirement of this new feature. Also would like others<br />to comment on where/how weshould restrict this feature ?<br /></div><div class="gmail_extra"><br /><div class="gmail_quote">On Fri, Oct 24, 2014at 1:59 PM, Kyotaro HORIGUCHI <span dir="ltr"><<a href="mailto:horiguchi.kyotaro@lab.ntt.co.jp" target="_blank">horiguchi.kyotaro@lab.ntt.co.jp</a>></span>wrote:<br /><blockquote class="gmail_quote" style="margin:00 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, here is the revised patch.<br /><br /> Attachedfiles are the followings<br /><br /> - 0001-ALTER-ROLE-CURRENT_USER_v2.patch - the patch.<br /><br /> - testset.tar.bz2- test set. Run by typing 'make check' as a<br /> superuser of the running postgreSQL server. It creates"testdb"<br /> and some roles.<br /><br /> Documents are not edited this time.<br /><br /> ----<br /><br /> Consideringyour comments, I found more points to modify.<br /><br /> - CREATE SCHEMA (IF NOT EXISTS) .. AUTHORIZATION <role>...<br /><br /> - ALTER AGGREAGE/COLLATION/etc... OWNER TO <role><br /><br /> - CREATE/ALTER/DROP USERMAPPING FOR <role> SERVER ..<br /><br /> GRANT/REVOKE also takes role as an arguemnt but CURRENT_USER and<br />the similar keywords seem to be useless for them.<br /><br /> Finally, the new patch modifies the following points.<br/><br /> In gram.y,<br /><br /> - RoleId's are replaced with RoleId_or_curruser in more places.<br /> It acceptsCURRENT_USER/USER/CURRENT_ROLE/SESSION_USER.<br /><br /> - ALTER USER ALL syntax is added. (not changed from theprevious patch)<br /><br /> - The non-terminal auth_ident now uses RoleId_or_curruser<br /> instead of RoleId. Thisaffects CREATE/ALTER/DROP USER MAPPING<br /><br /> In user.c, new function ResolveRoleId() is added and used for all<br/> role ID resolutions that correspond to the syntax changes in<br /> parser. It is AlterRole() in user.c.<br /><br/> In foreigncmds.c, GetUserOidFromMapping() is removed and<br /> ResolveRoleId is used instead.<br /><br /> In alter.cand tablecmds.c, all calls to get_role_oid()<br /> correspond the the grammer change were replaced with<br /> ResolveRoleId().<br/><br /> The modifications are a bit complicated so I provided a<br /> comprehensive test set.<br /><divclass="HOEnZb"><div class="h5"><br /><br /> regards,<br /><br /> --<br /> Kyotaro Horiguchi<br /> NTT Open Source SoftwareCenter<br /></div></div></blockquote></div><br /><br clear="all" /><br />-- <br />Rushabh Lathia </div>
pgsql-hackers by date: