On Fri, Aug 14, 2015 at 12:00 PM, Haribabu Kommi
<kommi.haribabu@gmail.com> wrote:
>
> Here I attached the proof concept patch.
Here I attached an updated patch by adding policies to the most of the
system catalog tables, except the following.
AggregateRelationId
AccessMethodRelationId
AccessMethodOperatorRelationId
AccessMethodProcedureRelationId
AuthMemRelationId
CastRelationId
EnumRelationId
EventTriggerRelationId
ExtensionRelationId
LargeObjectRelationId
LargeObjectMetadataRelationId
PLTemplateRelationId
RangeRelationId
RewriteRelationId
TransformRelationId
TSConfigRelationId
TSConfigMapRelationId
TSDictionaryRelationId
TSParserRelationId
TSTemplateRelationId
Following catalog tables needs to create the policy based on the
class, so currently didn't added any policy for the same.
SecLabelRelationId
SharedDependRelationId
SharedDescriptionRelationId
SharedSecLabelRelationId
If any user is granted any permissions on that object then that user
can view it's meta data of that object from the catalog tables.
To check the permissions of the user on the object, instead of
checking each and every available option, I just added a new
privilege check option called "any". If user have any permissions on
the object, the corresponding permission check function returns
true. Patch attached for the same.
Any thoughts/comments?
Regards,
Hari Babu
Fujitsu Australia