Re: Skip ExecCheckRTPerms in CTAS with no data

Peter Eisentraut <peter.eisentraut@enterprisedb.com>

From: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: Bharath Rupireddy <bharath.rupireddyforpostgres@gmail.com>, Anastasia Lubennikova <a.lubennikova@postgrespro.ru>, Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2020-11-19T15:17:32Z
Lists: pgsql-hackers
On 2020-11-17 02:32, Michael Paquier wrote:
>> The SQL standard says that for CREATE TABLE AS, the INSERT "is effectively
>> executed without further Access Rule checking", which means the INSERT
>> privilege shouldn't be required at all.  I suggest we consider doing that
>> instead.  I don't see a use for the current behavior.
> Hmm.  Is there anything specific for materialized views?  They've
> checked for INSERT privileges at this phase since their introduction
> in 3bf3ab8c.

Materialized views are not in the SQL standard.

But if you consider materialized views as a variant of normal views, 
then the INSERT privilege would be applicable if you pass an INSERT on 
the materialized view through to the underlying tables, like for a view.

Also note that REFRESH on a materialized view does not check any 
privileges (only ownership), so having a privilege that only applies 
when the materialized view is created doesn't make sense.



Commits

  1. Remove INSERT privilege check at table creation of CTAS and matview

  2. Relax INSERT privilege requirement for CTAS and matviews WITH NO DATA