From: | Yugo Nagata <nagata(at)sraoss(dot)co(dot)jp> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: has_table_privilege for a table in unprivileged schema causes an error |
Date: | 2018-08-17 03:02:57 |
Message-ID: | 20180817120257.de6479e276ba67706ce78dd4@sraoss.co.jp |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, 16 Aug 2018 19:37:42 -0400
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Yugo Nagata <nagata(at)sraoss(dot)co(dot)jp> writes:
> > I found that has_table_privilege returns an error when a table is specified
> > by schema-qualified name and the user doen't have privilege for its schema.
>
> > postgres=> select has_table_privilege('myschema.tbl','select');
> > ERROR: permission denied for schema myschema
>
> > I think that this function should return false because the user doesn't have
> > the privilege on this table eventually. It is more useful for users because
> > it is not needed to parse the schema-qualified table name and check the
> > privilege on the schema in advance.
>
> Sounds reasonable, but if we're going to do that, we should do it for
> every one of these functions that concerns a schema-qualifiable object
> type. Not just tables.
OK. I will fix all of these functions that can take a schema-qualifiable
object name as a parameter.
>
> Also, looking at the code, why are you bothering with
> convert_table_schema_priv_string? ISTM what's relevant on the schema is
> always going to be USAGE privilege, independently of the mode being
> checked on the object. So you shouldn't need a bunch of duplicative
> tables.
I thought we needed to consider also USAGE GRANT OPTION, but I might be
misunderstnding something. I will look into this again.
> Plus, I don't think this implementation approach is going to work for
> unqualified table names. You don't know which schema they're in until you
> look them up. (Although I vaguely remember that the path search logic just
> ignores unreadable schemas, so maybe all you have to do with unqualified
> names is nothing. But that's not what this patch is doing now.)
Oops. I overlooked these cases. I'll fix the patch to allow to handle
unqualified table names.
Thanks,
--
Yugo Nagata <nagata(at)sraoss(dot)co(dot)jp>
From | Date | Subject | |
---|---|---|---|
Next Message | Tatsuro Yamada | 2018-08-17 03:19:42 | Re: Fix help option of contrib/oid2name |
Previous Message | Chapman Flack | 2018-08-17 02:58:21 | Re: Facility for detecting insecure object naming |