|From:||Pierre Ducroquet <p(dot)psql(at)pinaraf(dot)info>|
|Cc:||Kuntal Ghosh <kuntalghosh(dot)2007(at)gmail(dot)com>|
|Subject:||Re: [Patch] Invalid permission check in pg_stats for functional indexes|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
On Tuesday, September 3, 2019 12:39:51 PM CEST Kuntal Ghosh wrote:
> Hello Pierre,
> > When using a functional index on a table, we realized that the permission
> > check done in pg_stats was incorrect and thus preventing valid access to
> > the statistics from users.
> > The attached patch fixes this by introducing a second path in privilege
> > check in pg_stats view.
> The patch doesn't apply on the latest HEAD .
All my apologies for that. I submitted this patch some time ago but forgot to
add it to the commit fest. Attached to this mail is a rebased version.
> IIUC, the patch introduces an additional privilege check for the
> underlying objects involved in the expression/functional index. If the
> user has 'select' privileges on all of the columns/objects included in
> the expression/functional index, then it should be visible in pg_stats
> view. I've applied the patch manually and tested the feature. It works
> as expected.
Indeed, you understood correctly. I have not digged around to find out the
origin of the current situation, but it does not look like an intentional
behaviour, more like a small oversight.
> > I have not written a regression test yet, mainly because I'm not 100%
> > certain where to write it. Given some hints, I would happily add it to
> > this patch.
> Yeah, it'll be good to have some regression tests for the same. I'm
> also not sure which regression file best suites for these tests.
Thank you very much for your review
|Next Message||Stephen Frost||2019-09-03 19:25:31||Re: add a MAC check for TRUNCATE|
|Previous Message||Alvaro Herrera||2019-09-03 18:52:01||Re: remove "msg" parameter from convert_tuples_by_name|