Skip site navigation (1) Skip section navigation (2)

[sepgsql 3/3] Add db_procedure:execute permission checks

From: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
To: PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: [sepgsql 3/3] Add db_procedure:execute permission checks
Date: 2013-01-15 20:46:46
Message-ID: CADyhKSXCQREbxZhfz-p2txu1WXpq+sVdJEF5Z71+rhyX3iV-YA@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
This patch adds sepgsql support for permission checks almost
equivalent to the existing FUNCTION EXECUTE privilege.

This feature is constructed on new OAT_FUNCTION_EXEC event
type being invoked around pg_proc_aclcheck() except for cases
when function's permissions are checked during CREATE or
ALTER commands. (Extension can handle these cases on
OAT_POST_CREATE or OAT_POST_ALTER hooks if needed.)

This patch assumes db_schema:{search} patch is applied on top.
So, please also check the patches below...
https://commitfest.postgresql.org/action/patch_view?id=1003
https://commitfest.postgresql.org/action/patch_view?id=1065

Thanks,
-- 
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

Attachment: sepgsql-v9.3-function-execute-permission.v1.patch
Description: application/octet-stream (22.7 KB)

Responses

pgsql-hackers by date

Next:From: Josh BerkusDate: 2013-01-15 20:50:09
Subject: Re: pg_ctl idempotent option
Previous:From: Robert HaasDate: 2013-01-15 20:44:42
Subject: Re: count(*) of zero rows returns 1

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group