Re: table partitioning and access privileges
Fujii Masao <masao.fujii@oss.nttdata.com>
From: Fujii Masao <masao.fujii@oss.nttdata.com>
To: Amit Langote <amitlangote09@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Fujii Masao <masao.fujii@gmail.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2020-02-03T05:07:35Z
Lists: pgsql-hackers
Attachments
- doc-inh-trunc-perms-95-12_fujii.patch (text/plain) patch
On 2020/02/03 11:05, Amit Langote wrote: > On Fri, Jan 31, 2020 at 9:39 PM Fujii Masao <masao.fujii@oss.nttdata.com> wrote: >> On 2020/01/31 13:38, Amit Langote wrote: >>> On Fri, Jan 31, 2020 at 1:28 AM Fujii Masao <masao.fujii@oss.nttdata.com> wrote: >>>> Fair enough. I finally did back-patch because the behavior is clearly >>>> documented and I failed to hear the opinions to object the back-patch. >>>> But I should have heard and discussed such risks more. >>>> >>>> I'm OK to revert all those back-patch. Instead, probably the document >>>> should be updated in old branches. >>> >>> I could find only this paragraph in the section on inheritance that >>> talks about how access permissions work: >>> >>> 9.4: >>> >>> "Note how table access permissions are handled. Querying a parent >>> table can automatically access data in child tables without further >>> access privilege checking. This preserves the appearance that the data >>> is (also) in the parent table. Accessing the child tables directly is, >>> however, not automatically allowed and would require further >>> privileges to be granted." >>> >>> 9.5-12: >>> >>> "Inherited queries perform access permission checks on the parent >>> table only. Thus, for example, granting UPDATE permission on the >>> cities table implies permission to update rows in the capitals table >>> as well, when they are accessed through cities. This preserves the >>> appearance that the data is (also) in the parent table. But the >>> capitals table could not be updated directly without an additional >>> grant. In a similar way, the parent table's row security policies (see >>> Section 5.7) are applied to rows coming from child tables during an >>> inherited query. A child table's policies, if any, are applied only >>> when it is the table explicitly named in the query; and in that case, >>> any policies attached to its parent(s) are ignored." >>> >>> Do you mean that the TRUNCATE exception should be noted here? >> >> Yes, that's what I was thinking. > > Okay. How about the attached? Thanks for the patches! You added the note just after the description about row level security on inherited table, but isn't it better to add it before that? Attached patch does that. Thought? > Maybe, we should also note the LOCK TABLE exception? Yes. Regards, -- Fujii Masao NTT DATA CORPORATION Advanced Platform Technology Group Research and Development Headquarters
Commits
-
Make inherited LOCK TABLE perform access permission checks on parent table only.
- b7e51b350c4e 13.0 landed
-
Add note about access permission checks by inherited TRUNCATE and LOCK TABLE.
- bf1840255123 9.4.26 landed
- 990acfc656c0 9.5.21 landed
- ebf273000a57 9.6.17 landed
- 87f738dafbe1 10.12 landed
- 0d233f458ff6 11.7 landed
- 4988d7e96953 12.2 landed
-
Revert commit 56bc82a511.
- d034ab0bb2ae 9.4.26 landed
-
Revert commit 606f350de9.
- dc06d0839a33 9.5.21 landed
-
Revert commit 928e755d22.
- c15b17f9276e 9.6.17 landed
-
Revert commit 4b96c03a0a.
- 8b1a6499d055 10.12 landed
-
Revert commit a5b652f3a0.
- ea7857dddb54 11.7 landed
-
Revert commit de0177788b.
- 0d9f307cf82a 12.2 landed
-
Make inherited TRUNCATE perform access permission checks on parent table only.
- 56bc82a51117 9.4.26 landed
- 606f350de92a 9.5.21 landed
- 928e755d22de 9.6.17 landed
- 4b96c03a0a2a 10.12 landed
- a5b652f3a011 11.7 landed
- de0177788bf3 12.2 landed
- e6f1e560e4c6 13.0 landed
-
Regression tests for LOCK TABLE.
- ac33c7e2c130 9.4.0 cited