Re: table partitioning and access privileges

From: Fujii Masao <masao(dot)fujii(at)oss(dot)nttdata(dot)com>
To: Amit Langote <amitlangote09(at)gmail(dot)com>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: table partitioning and access privileges
Date: 2020-01-27 02:19:04
Message-ID: 0ff3cecc-20f4-4ee4-fbfc-601a6a5a9eab@oss.nttdata.com
Lists: pgsql-hackers

On 2020/01/23 22:14, Fujii Masao wrote:
>
>
> On 2020/01/22 16:54, Amit Langote wrote:
>> Fujii-san,
>>
>> Thanks for taking a look.
>>
>> On Fri, Jan 10, 2020 at 10:29 AM Fujii Masao <masao(dot)fujii(at)gmail(dot)com> wrote:
>>> On Tue, Jan 7, 2020 at 5:15 PM Amit Langote <amitlangote09(at)gmail(dot)com> wrote:
>>>> I tend to agree that TRUNCATE's permission model for inheritance
>>>> should be consistent with that for the other commands.  How about the
>>>> attached patch toward that end?
>>>
>>> Thanks for the patch!
>>>
>>> The patch basically looks good to me.
>>>
>>> +GRANT SELECT (f1, fz), UPDATE (fz) ON atestc TO regress_priv_user2;
>>> +REVOKE TRUNCATE ON atestc FROM regress_priv_user2;
>>>
>>> These seem not to be necessary for the test.
>>
>> You're right.  Removed in the attached updated patch.
>
> Thanks for updating the patch! Barring any objection,
> I will commit this fix and backport it to all supported versions.

Attached are the back-port versions of the patches.

- patch for master and v12

0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg12-13.patch

- patch for v11

0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg11.patch

- patch for v10

0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg10.patch

- patch for v9.6

0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg96.patch

- patch for v9.5 and v9.4

0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg94-95.patch

The patch for master branch separates truncate_check_activity() into two
functions, but in v11 or before, truncate_check_activity() didn't exist and
its code was in truncate_check_rel(). So I had to write the back-port version
of the patch for the previous versions and separate truncate_check_rel()
into three functions, i.e., truncate_check_rel(), truncate_check_activity()
and truncate_check_perms().

Also, the names of users that the regression test for privileges uses were
different between PostgreSQL versions. This is another reason
why I had to write several back-port versions of the patches.

Regards,

--
Fujii Masao
NTT DATA CORPORATION
Advanced Platform Technology Group
Research and Development Headquarters

Attachment Content-Type Size
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg10.patch text/plain 6.0 KB
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg11.patch text/plain 6.3 KB
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg12-13.patch text/plain 5.0 KB
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg94-95.patch text/plain 5.7 KB
0001-Don-t-check-child-s-TRUNCATE-privilege-when-truncate-fujii-pg96.patch text/plain 5.7 KB
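
The permission behaviour this thread's fix targets, as an added illustration that is not taken from the attached patches or from PostgreSQL's regression tests. The role and table names (demo_truncator, demo_parent, demo_child) are hypothetical, and the closing catalog query is an extra audit step that covers direct children only.

```sql
-- Constructed example: run as a superuser in a scratch database.
CREATE ROLE demo_truncator;
CREATE TABLE demo_parent (id int);
CREATE TABLE demo_child () INHERITS (demo_parent);

-- TRUNCATE is granted on the parent only; the child gets no grant.
GRANT TRUNCATE ON demo_parent TO demo_truncator;

INSERT INTO demo_parent VALUES (1);
INSERT INTO demo_child  VALUES (2);

SET ROLE demo_truncator;

-- Recursive truncate through the parent.
-- Unpatched server: rejected, because the child's TRUNCATE privilege
--   is checked as well.
-- Patched server: allowed, because only the privilege on the table
--   named in the command is checked, as for the other commands.
TRUNCATE demo_parent;

-- Naming the child directly is still checked against the child itself,
-- so this fails with a permission-denied error on either server.
TRUNCATE demo_child;

RESET ROLE;

-- On a patched server both tables are now empty.
SELECT count(*) AS remaining_rows FROM demo_parent;

-- Audit: roles that can empty a child only through its parent, i.e.
-- they hold TRUNCATE on the parent but not on the direct child.
SELECT r.rolname,
       i.inhparent::regclass AS parent,
       i.inhrelid::regclass  AS child
FROM pg_inherits i
CROSS JOIN pg_roles r
WHERE has_table_privilege(r.oid, i.inhparent, 'TRUNCATE')
  AND NOT has_table_privilege(r.oid, i.inhrelid, 'TRUNCATE')
ORDER BY 1, 2, 3;

-- Clean up the constructed objects.
DROP TABLE demo_child, demo_parent;
DROP ROLE demo_truncator;
```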
