Re: patch for type privileges
Peter Eisentraut <peter_e@gmx.net>
From: Peter Eisentraut <peter_e@gmx.net>
To: Yeb Havinga <yebhavinga@gmail.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2011-12-12T19:53:22Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Support range data types.
- 4429f6a9e3e1 9.2.0 cited
Attachments
- typacl-v4.patch (text/x-patch) patch v4
On sön, 2011-12-11 at 21:21 +0200, Peter Eisentraut wrote: > > * Cannot restrict access to array types. After revoking usage from the > > element type, the error is perhaps a bit misleading. (smallint[] vs > > smallint) > > > > postgres=> create table a (a int2[]); > > ERROR: permission denied for type smallint[] > > OK, that error message should be improved. Fixing this is easy, but I'd like to look into refactoring this a bit. Let's ignore that for now; it's easy to do later. > > > * The patch adds the following text explaining the USAGE privilege on types. > > > > For types and domains, this privilege allow the use of the type or > > domain in the definition of tables, functions, and other schema objects. > > > > Since other paragraphs in USAGE use the word 'creation' instead of > > 'definition', I believe here the word 'creation' should be used too. Fix for that included. > > * The information schema view 'attributes' has this additional condition: > > AND (pg_has_role(t.typowner, 'USAGE') > > OR has_type_privilege(t.oid, 'USAGE')); > > > > What happens is that attributes in a composite type are shown, or not, > > if the current user has USAGE rights. The strange thing here, is that > > the attribute in the type being show or not, doesn't match being able to > > use it (in the creation of e.g. a table). > > Yeah, that's a bug. That should be something like > > AND (pg_has_role(c.relowner, 'USAGE') > OR has_type_privilege(c.reltype, 'USAGE')); And fix for that included. New patch attached.