| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: LOCK TABLE Permissions |
| Date: | 2013-07-19 16:47:23 |
| Message-ID: | CA+Tgmob+SKNjK4FW81ejZpxOxsTVZJT8h_4u=xJyDb_-HBP7GQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Jul 19, 2013 at 12:33 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> if (lockmode == AccessShareLock)
>> aclresult = pg_class_aclcheck(reloid, GetUserId(),
>> ACL_SELECT);
>> + else if (lockmode == RowExclusiveLock)
>> + aclresult = pg_class_aclcheck(reloid, GetUserId(),
>> + ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE);
>> else
>> aclresult = pg_class_aclcheck(reloid, GetUserId(),
>> ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE);
>
> Perhaps it would be better to refactor with a local variable for the
> aclmask and just one instance of the pg_class_aclcheck call. Also, I'm
> pretty sure that the documentation work needed is more extensive
> than the actual patch ;-). Otherwise, I don't see a problem with this.
I don't really care one way or the other whether we change this in
master, but I think back-patching changes that loosen security
restrictions is a poor idea.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2013-07-19 16:51:02 | Re: getting rid of SnapshotNow |
| Previous Message | Robert Haas | 2013-07-19 16:46:06 | Re: getting rid of SnapshotNow |