From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
---|---|
To: | tgl(at)sss(dot)pgh(dot)pa(dot)us |
Cc: | laurenz(dot)albe(at)cybertec(dot)at, euler(at)eulerto(dot)com, philflorent(at)hotmail(dot)com, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Error from the foreign RDBMS on a foreign table I have no privilege on |
Date: | 2022-06-08 04:08:16 |
Message-ID: | 20220608.130816.822771466101014478.horikyota.ntt@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
At Tue, 07 Jun 2022 23:04:52 -0400, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote in
> Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> > On Wed, 2022-06-08 at 11:12 +0900, Kyotaro Horiguchi wrote:
> > RangeTblEntry *rte = root->simple_rte_array[i];
> > aclcheck_error(ACLCHECK_NO_PRIV,
> > get_relkind_objtype(rte->relkind),
> > get_rel_name(rte->relid));
>
> I think it's completely inappropriate for FDWs to be taking it on
> themselves to inject privilege checks. The system design is that
> that is checked at executor start; not before, not after.
Ah, yes. It's not good that checking it at multiple stages, and the
only one place should be executor start.
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
From | Date | Subject | |
---|---|---|---|
Next Message | Amit Kapila | 2022-06-08 04:10:22 | Re: tablesync copy ignores publication actions |
Previous Message | Kyotaro Horiguchi | 2022-06-08 04:06:25 | Re: Error from the foreign RDBMS on a foreign table I have no privilege on |