From: | Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> |
---|---|
To: | horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp |
Cc: | hoshiai(at)sraoss(dot)co(dot)jp, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Proposal to suppress errors thrown by to_reg*() |
Date: | 2019-03-19 08:54:01 |
Message-ID: | 20190319.175401.646838939186238443.t-ishii@sraoss.co.jp |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
>> You misunderstand the functionality of to_regclass(). Even if a user
>> does not have an access privilege of certain table, to_regclass() does
>> not raise an error.
>>
>> test=> select * from t1;
>> ERROR: permission denied for table t1
>>
>> test=> select to_regclass('t1')::oid;
>> to_regclass
>> -------------
>> 1647238
>> (1 row)
>>
>> So why can't we do the same thing for schema? For me, that way seems
>> to be more consistent.
>
> It seems to be a different thing. The oid 1647239 would be a
> table in public schema or any schema that the user has access
> to. If search_path contained only unprivileged schemas, the
> function silently ignores such schemas.
>
> => set search_path to s1; -- the user doesn't have access to this schema.
> => select to_regclass('t1')::oid; -- the table is really exists.
>> to_regclass
>> -------------
>>
>> (1 row)
I (and Hoshiai-san) concern about following case:
# revoke usage on schema s1 from foo;
REVOKE
:
[connect as foo]
test=> select to_regclass('s1.t1')::oid;
ERROR: permission denied for schema s1
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
From | Date | Subject | |
---|---|---|---|
Next Message | Imai, Yoshikazu | 2019-03-19 09:20:22 | RE: Speed up transaction completion faster after many relations are accessed in a transaction |
Previous Message | Masahiko Sawada | 2019-03-19 08:51:32 | Re: [HACKERS] Block level parallel vacuum |