On Fri, 24 Nov 2023 at 18:37, Shubham Khanna
<khannashubham1197@gmail.com> wrote:
>
> n Fri, Nov 24, 2023 at 6:33 PM vignesh C <vignesh21@gmail.com> wrote:
> >
> > Hi,
> >
> > Improved tab completion for "ALTER DEFAULT PRIVILEGE" and "ALTER TABLE":
> > 1) GRANT, REVOKE and FOR USER keyword was not displayed in tab
> > completion of alter default privileges like the below statement:
> > ALTER DEFAULT PRIVILEGES GRANT INSERT ON tables TO PUBLIC;
> > ALTER DEFAULT PRIVILEGES REVOKE INSERT ON tables FROM PUBLIC;
> > ALTER DEFAULT PRIVILEGES FOR USER vignesh revoke INSERT ON tables FROM dba1;
> >
> > 2) USER was not displayed for "ALTER DEFAULT PRIVILEGES IN SCHEMA
> > public FOR " like in below statement:
> > ALTER DEFAULT PRIVILEGES IN SCHEMA public FOR USER dba1 GRANT INSERT
> > ON TABLES TO PUBLIC;
> >
> > 3) "FOR GRANT OPTION" was not display for "ALTER DEFAULT PRIVILEGES
> > REVOKE " like in below statement:
> > alter default privileges revoke grant option for select ON tables FROM dba1;
> >
> > 4) "DATA TYPE" was missing in "ALTER TABLE table-name ALTER COLUMN
> > column-name SET" like in:
> > ALTER TABLE t1 ALTER COLUMN c1 SET DATA TYPE text;
> >
> > Attached patch has the changes for the same.
>
> + COMPLETE_WITH("ROLE", "USER");
> + /* ALTER DEFAULT PRIVILEGES REVOKE */
> + else if (Matches("ALTER", "DEFAULT", "PRIVILEGES", "REVOKE"))
> + COMPLETE_WITH("SELECT", "INSERT", "UPDATE", "DELETE", "TRUNCATE",
> + "REFERENCES", "TRIGGER", "CREATE", "EXECUTE", "USAGE",
> + "MAINTAIN", "ALL", "GRANT OPTION FOR");
>
> I could not find "alter default privileges revoke maintain", should
> this be removed?
This was reverted as part of:
151c22deee66a3390ca9a1c3675e29de54ae73fc.
Revert MAINTAIN privilege and pg_maintain predefined role.
This reverts the following commits: 4dbdb82513, c2122aae63,
5b1a879943, 9e1e9d6560, ff9618e82a, 60684dd834, 4441fc704d,
and b5d6382496. A role with the MAINTAIN privilege may be able to
use search_path tricks to escalate privileges to the table owner.
Unfortunately, it is too late in the v16 development cycle to apply
the proposed fix, i.e., restricting search_path when running
maintenance commands.
The attached v2 version has the changes for the same.
Regards,
Vignesh