Re: table partitioning and access privileges
Amit Langote <amitlangote09@gmail.com>
From: Amit Langote <amitlangote09@gmail.com>
To: Fujii Masao <masao.fujii@oss.nttdata.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Fujii Masao <masao.fujii@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2020-02-03T02:05:46Z
Lists: pgsql-hackers
Attachments
- doc-inh-trunc-perms-94.patch (text/plain) patch
- doc-inh-trunc-perms-95-12.patch (text/plain) patch
On Fri, Jan 31, 2020 at 9:39 PM Fujii Masao <masao.fujii@oss.nttdata.com> wrote: > On 2020/01/31 13:38, Amit Langote wrote: > > On Fri, Jan 31, 2020 at 1:28 AM Fujii Masao <masao.fujii@oss.nttdata.com> wrote: > >> Fair enough. I finally did back-patch because the behavior is clearly > >> documented and I failed to hear the opinions to object the back-patch. > >> But I should have heard and discussed such risks more. > >> > >> I'm OK to revert all those back-patch. Instead, probably the document > >> should be updated in old branches. > > > > I could find only this paragraph in the section on inheritance that > > talks about how access permissions work: > > > > 9.4: > > > > "Note how table access permissions are handled. Querying a parent > > table can automatically access data in child tables without further > > access privilege checking. This preserves the appearance that the data > > is (also) in the parent table. Accessing the child tables directly is, > > however, not automatically allowed and would require further > > privileges to be granted." > > > > 9.5-12: > > > > "Inherited queries perform access permission checks on the parent > > table only. Thus, for example, granting UPDATE permission on the > > cities table implies permission to update rows in the capitals table > > as well, when they are accessed through cities. This preserves the > > appearance that the data is (also) in the parent table. But the > > capitals table could not be updated directly without an additional > > grant. In a similar way, the parent table's row security policies (see > > Section 5.7) are applied to rows coming from child tables during an > > inherited query. A child table's policies, if any, are applied only > > when it is the table explicitly named in the query; and in that case, > > any policies attached to its parent(s) are ignored." > > > > Do you mean that the TRUNCATE exception should be noted here? > > Yes, that's what I was thinking. Okay. How about the attached? Maybe, we should also note the LOCK TABLE exception? Regards, Amit
Commits
-
Make inherited LOCK TABLE perform access permission checks on parent table only.
- b7e51b350c4e 13.0 landed
-
Add note about access permission checks by inherited TRUNCATE and LOCK TABLE.
- bf1840255123 9.4.26 landed
- 990acfc656c0 9.5.21 landed
- ebf273000a57 9.6.17 landed
- 87f738dafbe1 10.12 landed
- 0d233f458ff6 11.7 landed
- 4988d7e96953 12.2 landed
-
Revert commit 56bc82a511.
- d034ab0bb2ae 9.4.26 landed
-
Revert commit 606f350de9.
- dc06d0839a33 9.5.21 landed
-
Revert commit 928e755d22.
- c15b17f9276e 9.6.17 landed
-
Revert commit 4b96c03a0a.
- 8b1a6499d055 10.12 landed
-
Revert commit a5b652f3a0.
- ea7857dddb54 11.7 landed
-
Revert commit de0177788b.
- 0d9f307cf82a 12.2 landed
-
Make inherited TRUNCATE perform access permission checks on parent table only.
- 56bc82a51117 9.4.26 landed
- 606f350de92a 9.5.21 landed
- 928e755d22de 9.6.17 landed
- 4b96c03a0a2a 10.12 landed
- a5b652f3a011 11.7 landed
- de0177788bf3 12.2 landed
- e6f1e560e4c6 13.0 landed
-
Regression tests for LOCK TABLE.
- ac33c7e2c130 9.4.0 cited