Re: Why ACL_EXECUTE is checked on FindConversion()?

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: KaiGai Kohei <kaigai@ak.jp.nec.com>
Cc: pgsql-hackers@postgresql.org
Date: 2009-08-19T18:27:53Z
Lists: pgsql-hackers
KaiGai Kohei <kaigai@ak.jp.nec.com> writes:
> When FindConversion() is called, it also checks current user's ACL_EXECUTE
> privilege on the conproc of the fetched conversion.

> Why this check is applied on FindConversion(), instead of FindDefaultConversion()?

Does seem pretty inconsistent, doesn't it?

The original idea may have been to provide a substitute for a USAGE
ACL check on conversions, in which case it's not totally insane: if
you make a conversion default then you're implicitly granting it to
public.  But there's no documentation about this.

Offhand I see no really good reason to have a usage check on
conversions, and would be happy with removing this one.  The function
permission check at CREATE CONVERSION time ought to be sufficient.

			regards, tom lane