Skip site navigation (1) Skip section navigation (2)

pgsql: Revise the permission checking on user mapping DDL commands.

From: petere(at)postgresql(dot)org (Peter Eisentraut)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Revise the permission checking on user mapping DDL commands.
Date: 2009-01-20 09:10:21
Message-ID: 20090120091021.1D042754878@cvs.postgresql.org (view raw or flat)
Thread:
Lists: pgsql-committers
Log Message:
-----------
Revise the permission checking on user mapping DDL commands.  
CREATE/ALTER/DROP USER MAPPING are now allowed either by the server owner or 
by a user with USAGE privileges for his own user name.  This is more or less 
what the SQL standard wants anyway (plus "implementation-defined")

Hide information_schema.user_mapping_options.option_value, unless the current 
user is the one associated with the user mapping, or is the server owner and 
the mapping is for PUBLIC, or is a superuser.  This is to protect passwords.

Also, fix a bug in information_schema._pg_foreign_servers, which hid servers 
using wrappers where the current user did not have privileges on the wrapper.  
The correct behavior is to hide servers where the current user has no 
privileges on the server.

Modified Files:
--------------
    pgsql/doc/src/sgml:
        information_schema.sgml (r1.36 -> r1.37)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/information_schema.sgml?r1=1.36&r2=1.37)
    pgsql/doc/src/sgml/ref:
        alter_user_mapping.sgml (r1.1 -> r1.2)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/alter_user_mapping.sgml?r1=1.1&r2=1.2)
        create_user_mapping.sgml (r1.2 -> r1.3)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_user_mapping.sgml?r1=1.2&r2=1.3)
        drop_user_mapping.sgml (r1.1 -> r1.2)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/drop_user_mapping.sgml?r1=1.1&r2=1.2)
    pgsql/src/backend/catalog:
        information_schema.sql (r1.49 -> r1.50)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/information_schema.sql?r1=1.49&r2=1.50)
    pgsql/src/backend/commands:
        foreigncmds.c (r1.4 -> r1.5)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/foreigncmds.c?r1=1.4&r2=1.5)
    pgsql/src/test/regress/expected:
        foreign_data.out (r1.4 -> r1.5)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/foreign_data.out?r1=1.4&r2=1.5)
    pgsql/src/test/regress/sql:
        foreign_data.sql (r1.3 -> r1.4)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/foreign_data.sql?r1=1.3&r2=1.4)

pgsql-committers by date

Next:From: Peter EisentrautDate: 2009-01-20 09:58:50
Subject: pgsql: Do not msgmerge against /dev/null; merge against the pot file
Previous:From: User DimDate: 2009-01-20 08:41:21
Subject: backports - min_update: Imported Sources

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group