Skip site navigation (1) Skip section navigation (2)

pgsql: Get rid of the separate RULE privilege for tables: now only a

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Get rid of the separate RULE privilege for tables: now only a
Date: 2006-09-05 21:08:36
Message-ID: 20060905210836.EE26C9FB1E7@postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
Get rid of the separate RULE privilege for tables: now only a table's owner
can create or modify rules for the table.  Do setRuleCheckAsUser() while
loading rules into the relcache, rather than when defining a rule.  This
ensures that permission checks for tables referenced in a rule are done with
respect to the current owner of the rule's table, whereas formerly ALTER TABLE
OWNER would fail to update the permission checking for associated rules.
Removal of separate RULE privilege is needed to prevent various scenarios
in which a grantee of RULE privilege could effectively have any privilege
of the table owner.  For backwards compatibility, GRANT/REVOKE RULE is still
accepted, but it doesn't do anything.  Per discussion here:
http://archives.postgresql.org/pgsql-hackers/2006-04/msg01138.php

Modified Files:
--------------
    pgsql/doc/src/sgml:
        ddl.sgml (r1.60 -> r1.61)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ddl.sgml.diff?r1=1.60&r2=1.61)
        func.sgml (r1.333 -> r1.334)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/func.sgml.diff?r1=1.333&r2=1.334)
        information_schema.sgml (r1.26 -> r1.27)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/information_schema.sgml.diff?r1=1.26&r2=1.27)
        user-manag.sgml (r1.36 -> r1.37)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/user-manag.sgml.diff?r1=1.36&r2=1.37)
    pgsql/doc/src/sgml/ref:
        create_rule.sgml (r1.46 -> r1.47)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_rule.sgml.diff?r1=1.46&r2=1.47)
        grant.sgml (r1.60 -> r1.61)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/grant.sgml.diff?r1=1.60&r2=1.61)
        revoke.sgml (r1.39 -> r1.40)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/revoke.sgml.diff?r1=1.39&r2=1.40)
    pgsql/src/backend/catalog:
        aclchk.c (r1.130 -> r1.131)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/aclchk.c.diff?r1=1.130&r2=1.131)
        information_schema.sql (r1.35 -> r1.36)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/information_schema.sql.diff?r1=1.35&r2=1.36)
    pgsql/src/backend/commands:
        comment.c (r1.90 -> r1.91)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/comment.c.diff?r1=1.90&r2=1.91)
    pgsql/src/backend/rewrite:
        rewriteDefine.c (r1.113 -> r1.114)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/rewrite/rewriteDefine.c.diff?r1=1.113&r2=1.114)
        rewriteRemove.c (r1.65 -> r1.66)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/rewrite/rewriteRemove.c.diff?r1=1.65&r2=1.66)
    pgsql/src/backend/utils/adt:
        acl.c (r1.134 -> r1.135)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/acl.c.diff?r1=1.134&r2=1.135)
    pgsql/src/backend/utils/cache:
        relcache.c (r1.247 -> r1.248)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/cache/relcache.c.diff?r1=1.247&r2=1.248)
    pgsql/src/include/catalog:
        catversion.h (r1.353 -> r1.354)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/catversion.h.diff?r1=1.353&r2=1.354)
    pgsql/src/include/nodes:
        parsenodes.h (r1.329 -> r1.330)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/nodes/parsenodes.h.diff?r1=1.329&r2=1.330)
    pgsql/src/include/rewrite:
        rewriteDefine.h (r1.21 -> r1.22)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/rewrite/rewriteDefine.h.diff?r1=1.21&r2=1.22)
    pgsql/src/include/utils:
        acl.h (r1.96 -> r1.97)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/acl.h.diff?r1=1.96&r2=1.97)
    pgsql/src/test/regress/expected:
        dependency.out (r1.4 -> r1.5)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/dependency.out.diff?r1=1.4&r2=1.5)
        privileges.out (r1.34 -> r1.35)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/privileges.out.diff?r1=1.34&r2=1.35)
    pgsql/src/test/regress/sql:
        privileges.sql (r1.18 -> r1.19)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/privileges.sql.diff?r1=1.18&r2=1.19)

pgsql-committers by date

Next:From: Tom LaneDate: 2006-09-05 21:26:48
Subject: pgsql: Remove pgcrypto functions that were deprecated and slated for
Previous:From: Tom LaneDate: 2006-09-05 19:18:13
Subject: pgsql: Make Gen_fmgrtab.sh locale-proof.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group