Re: Extending grant insert on tables to sequences

From: Abhijit Menon-Sen <ams(at)oryx(dot)com>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Jaime Casanova <systemguards(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Extending grant insert on tables to sequences
Date: 2008-07-10 03:11:40
Message-ID: 20080710031140.GA427@toroid.org
Lists: pgsql-hackers, pgsql-patches
At 2008-07-09 15:11:25 -0400, alvherre(at)commandprompt(dot)com wrote:
>
> No, actually I meant having a lone "list = lappend(list, newseq);" in
> the loop, so that ExecGrantStmt_oids is called only once.

Yes, I understand what you meant. I just phrased my agreement poorly.
Here's a more precise phrasing. ;-)

(I agree with Robert Treat that there seems to be no point granting
SELECT on the sequence. I don't *particularly* care about it, but I
tend towards wanting to drop that bit. This patch reflects that.)

Jaime: please feel free to use or ignore this, as you wish.

-- ams

diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c
index 15f5af0..8664203 100644
--- a/src/backend/catalog/aclchk.c
+++ b/src/backend/catalog/aclchk.c
@@ -361,6 +361,41 @@ ExecuteGrantStmt(GrantStmt *stmt)
 	}
 
 	ExecGrantStmt_oids(&istmt);
+
+	/* If INSERT or UPDATE privileges are being granted or revoked on a
+	 * relation, this extends the operation to include any sequences
+	 * owned by the relation.
+	 */
+
+	if (istmt.objtype == ACL_OBJECT_RELATION &&
+		(istmt.privileges & (ACL_INSERT | ACL_UPDATE)))
+	{
+		InternalGrant istmt_seq;
+
+		istmt_seq.is_grant = istmt.is_grant;
+		istmt_seq.objtype = ACL_OBJECT_SEQUENCE;
+		istmt_seq.grantees = istmt.grantees;
+		istmt_seq.grant_option = istmt.grant_option;
+		istmt_seq.behavior = istmt.behavior;
+		istmt_seq.all_privs = false;
+
+		istmt_seq.privileges = ACL_NO_RIGHTS;
+		if (istmt.privileges & ACL_INSERT)
+			istmt_seq.privileges |= ACL_USAGE;
+		if (istmt.privileges & ACL_UPDATE)
+			istmt_seq.privileges |= ACL_UPDATE;
+
+		istmt_seq.objects = NIL;
+		foreach (cell, istmt.objects)
+		{
+			istmt_seq.objects =
+				list_concat(istmt_seq.objects,
+							getOwnedSequences(lfirst_oid(cell)));
+		}
+
+		if (istmt_seq.objects != NIL)
+			ExecGrantStmt_oids(&istmt_seq);
+	}
 }
 
 /*
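
Review bot: Copying istmt.is_grant into istmt_seq.is_grant means a REVOKE of INSERT or UPDATE on the table also revokes USAGE or UPDATE on every sequence returned by getOwnedSequences(), including a privilege that was granted on the sequence directly, and grant_option and behavior are carried over the same way. Either restrict the extension to the grant case or state the revoke side effect in the comment and in the GRANT/REVOKE documentation, since a silent change to a sequence's ACL is easy to miss when auditing privileges. Separately, the outer condition tests only istmt.privileges while istmt_seq.all_privs is hard-coded to false, so istmt.all_privs is never consulted; if the ALL PRIVILEGES form is carried in that flag rather than in the privileges bits, owned sequences are skipped for it, and the condition should check istmt.all_privs as well. Style: the block comment should open with a bare /* line and sit directly above the if, without the blank line between them.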
