Re: New patch for Column-level privileges

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> What I see being tested is SELECT *, which is a different animal
> entirely. As required by spec, SELECT * is expanded to a list of
> ordinary variables at parse time and then it's not really a special
> case anymore. A true whole-row variable only occurs when you have
> something like
>
> create function myfunc(mytable) ...
>
> select myfunc(mytable.*) from mytable ...

Wouldn't this test cover those?

SELECT atest5 FROM atest5; -- fail

Which I added after KaiGai brought it up.

> This is different from the *-expansion case in that you get just
> a single Var with attno 0 in the resulting parse tree.

Right, that's part of the reason that pg_attribute_aclmask has the for
loop through all of the columns- because if an attno of 0 is passed in,
it has to check that the requestor has rights on *all* of the columns.

> Because of this action-at-a-distance in terms of what columns are
> implicitly referenced, I think that the only feasible implementation is
> to carry the "reference to column 0" notation in cols_sel right through
> to execMain, and have execMain understand that as demanding select
> rights on all currently existing non-dropped non-system columns.
> I have not yet checked to see if that's what actually happens;
> but it's certainly not being exercised in the added regression tests.

Right, that's what happens because execMain passes the zero attrno down
into pg_attribute_aclmask which then checks all columns. I could move
that looping logic up into execMain if you'd rather (along with the
special case for 'any column rights') but then I'd have to get the set
of columns which exist in the table referenced by the RTE in execMain.
Dunno if that'd be hard or not.

Thanks,

Stephen