From: | Thom Brown <thom(at)linux(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: patch for type privileges |
Date: | 2011-11-15 20:34:26 |
Message-ID: | CAA-aLv6gXxgo+RmgcLnzYwLBMaS5knnGScEeyE+uQLnJC=SSog@mail.gmail.com |
Lists: | pgsql-hackers |
On 15 November 2011 20:23, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> Here is the patch to implement type privileges that I alluded to
> earlier. To recall, this is mainly so that owners can prevent others
> from using their types because that would in some cases prevent owners
> from changing the types. That would effectively be a denial of service.
>
> These are the interfaces that this patch implements:
>
> - GRANT USAGE ON DOMAIN
> - GRANT USAGE ON TYPE
> - default privileges for types
> - analogous REVOKEs
> - display privileges in psql \dT+
> - privilege checks in various DDL commands (CREATE FUNCTION, CREATE
> TABLE, etc.)
> - various information schema views adjusted
> - has_type_privilege function family
>
> The basics here are mainly informed by the SQL standard. One thing from
> there I did not implement is checking for permission of a type used in
> CAST (foo AS type). This would be doable but relatively complicated,
> and in practice someone who is not supposed to be able to use the type
> wouldn't be able to create the cast or the underlying cast function
> anyway for lack of access to the type.
>
> As elsewhere in the system, the usage of TYPE and DOMAIN is partially
> overlapping and partially not. You can use GRANT ON TYPE on a domain
> but not GRANT ON DOMAIN on a type (compare CREATE/DROP). We only
> support one common set of default privileges for types and domains. I
> feel that's enough, but it could be adjusted.
>
> Open items:
>
> - GRANT TO ALL TYPES -- haven't gotten to that yet, but could be added
>
> A reviewer should of course particularly check if there are any holes in
> the privilege protection that this patch purports to afford.
Want to try again but with the patch attached? ;)
--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
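
The interfaces listed in the quoted message, as an added example that is not part of this thread or of the patch. It is written against the syntax of released PostgreSQL, which may differ from the patch under discussion; all role, schema and type names are hypothetical.

```sql
-- Constructed roles and objects; every name here is hypothetical.
CREATE ROLE type_owner NOLOGIN;
CREATE ROLE app_user NOLOGIN;
CREATE SCHEMA demo AUTHORIZATION type_owner;
-- app_user may create objects in the schema, so USAGE on the types is the
-- only thing that stops it from building tables or functions on them.
GRANT USAGE, CREATE ON SCHEMA demo TO app_user;

SET ROLE type_owner;
CREATE DOMAIN demo.email_addr AS text CHECK (VALUE LIKE '%@%');
CREATE TYPE demo.money_pair AS (amount numeric, currency char(3));

-- Released PostgreSQL grants USAGE on new types to PUBLIC, so the owner
-- has to revoke it to keep other roles from depending on the type.
REVOKE USAGE ON DOMAIN demo.email_addr FROM PUBLIC;
REVOKE USAGE ON TYPE demo.money_pair FROM PUBLIC;

-- Same for types this owner creates later. This must be a global default:
-- per-schema defaults can only add privileges, not take PUBLIC's away.
ALTER DEFAULT PRIVILEGES FOR ROLE type_owner
    REVOKE USAGE ON TYPES FROM PUBLIC;

-- Allow one specific role to use one type.
GRANT USAGE ON TYPE demo.money_pair TO app_user;
RESET ROLE;

-- Effective privileges per role, via the has_type_privilege family.
SELECT t AS type_name,
       has_type_privilege('app_user', t, 'USAGE') AS app_user_usage,
       has_type_privilege('public',   t, 'USAGE') AS public_usage
FROM (VALUES ('demo.email_addr'), ('demo.money_pair')) AS v(t);

-- Audit: user-defined types that PUBLIC can still use, i.e. types any role
-- could create dependencies on and so block the owner from changing.
SELECT n.nspname, t.typname, pg_get_userbyid(t.typowner) AS owner
FROM pg_type t
JOIN pg_namespace n ON n.oid = t.typnamespace
LEFT JOIN pg_class c ON c.oid = t.typrelid
WHERE n.nspname <> 'information_schema' AND n.nspname !~ '^pg_'
  AND NOT EXISTS (SELECT 1 FROM pg_type e WHERE e.typarray = t.oid)  -- skip array types
  AND (t.typrelid = 0 OR c.relkind = 'c')   -- skip table row types
  AND has_type_privilege('public', t.oid, 'USAGE')
ORDER BY 1, 2;
```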