Re: Reworks of DML permission checks
Kouhei Kaigai <kaigai@ak.jp.nec.com>
From: KaiGai Kohei <kaigai@ak.jp.nec.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Stephen Frost <sfrost@snowman.net>, pgsql-hackers@postgresql.org
Date: 2010-07-12T04:09:08Z
Lists: pgsql-hackers
Attachments
- pgsql-v9.1-reworks-dml-checks.2.patch (application/octect-stream) patch v9
(2010/07/10 5:53), Robert Haas wrote: > 2010/6/14 KaiGai Kohei<kaigai@ak.jp.nec.com>: >> The attached patch tries to rework DML permission checks. >> >> It was mainly checked at the ExecCheckRTEPerms(), but same logic was >> implemented in COPY TO/FROM statement and RI_Initial_Check(). >> >> This patch tries to consolidate these permission checks into a common >> function to make access control decision on DML permissions. It enables >> to eliminate the code duplication, and improve consistency of access >> controls. > > This patch is listed on the CommitFest page, but I'm not sure if it > represents the latest work on this topic. At a minimum, it needs to > be rebased. > > I am not excited about moving ExecCheckRT[E]Perms to some other place > in the code. It seems to me that will complicate back-patching with > no corresponding advantage. I'd suggest we not do that. The COPY > and RI code can call ExecCheckRTPerms() where it is. Maybe at some > point we will have a grand master plan for how this should all be laid > out, but right now I'd prefer localized changes. > OK, I rebased and revised the patch not to move ExecCheckRTPerms() from executor/execMain.c. In the attached patch, DoCopy() and RI_Initial_Check() calls that function to consolidate dml access control logic. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com>