Re: has_table_privilege for a table in unprivileged schema causes an error

From: Yugo Nagata <nagata(at)sraoss(dot)co(dot)jp>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: has_table_privilege for a table in unprivileged schema causes an error
Date: 2018-08-17 03:02:57
Message-ID: 20180817120257.de6479e276ba67706ce78dd4@sraoss.co.jp
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, 16 Aug 2018 19:37:42 -0400
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Yugo Nagata <nagata(at)sraoss(dot)co(dot)jp> writes:
> > I found that has_table_privilege returns an error when a table is specified
> > by schema-qualified name and the user doen't have privilege for its schema.
>
> > postgres=> select has_table_privilege('myschema.tbl','select');
> > ERROR: permission denied for schema myschema
>
> > I think that this function should return false because the user doesn't have
> > the privilege on this table eventually. It is more useful for users because
> > it is not needed to parse the schema-qualified table name and check the
> > privilege on the schema in advance.
>
> Sounds reasonable, but if we're going to do that, we should do it for
> every one of these functions that concerns a schema-qualifiable object
> type. Not just tables.

OK. I will fix all of these functions that can take a schema-qualifiable
object name as a parameter.

>
> Also, looking at the code, why are you bothering with
> convert_table_schema_priv_string? ISTM what's relevant on the schema is
> always going to be USAGE privilege, independently of the mode being
> checked on the object. So you shouldn't need a bunch of duplicative
> tables.

I thought we needed to consider also USAGE GRANT OPTION, but I might be
misunderstnding something. I will look into this again.

> Plus, I don't think this implementation approach is going to work for
> unqualified table names. You don't know which schema they're in until you
> look them up. (Although I vaguely remember that the path search logic just
> ignores unreadable schemas, so maybe all you have to do with unqualified
> names is nothing. But that's not what this patch is doing now.)

Oops. I overlooked these cases. I'll fix the patch to allow to handle
unqualified table names.

Thanks,

--
Yugo Nagata <nagata(at)sraoss(dot)co(dot)jp>

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tatsuro Yamada 2018-08-17 03:19:42 Re: Fix help option of contrib/oid2name
Previous Message Chapman Flack 2018-08-17 02:58:21 Re: Facility for detecting insecure object naming