Re: [sepgsql 2/3] Add db_schema:search permission checks
Kohei KaiGai <kaigai@kaigai.gr.jp>
From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Robert Haas <robertmhaas@gmail.com>
Cc: PgHacker <pgsql-hackers@postgresql.org>
Date: 2013-04-02T18:22:56Z
Lists: pgsql-hackers
Attachments
- sepgsql-v9.3-schema-search-permission.v3.patch (application/octet-stream) patch v9
- sepgsql-v9.3-function-execute-permission.v3.patch (application/octet-stream) patch v9
2013/4/1 Robert Haas <robertmhaas@gmail.com>: > On Tue, Jan 15, 2013 at 3:28 PM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote: >> This patch adds sepgsql support for permission checks equivalent >> to the existing SCHEMA USE privilege. >> >> This feature is constructed on new OAT_SCHEMA_SEARCH event >> type being invoked around pg_namespace_aclcheck(). >> So, its expected behavior also follows the behavior of existing >> permissions; unprivileged schema is ignored from the search path, >> or raise an error if object name is fully qualified. >> >> This patch needs src/backend/catalog/objectaccess.c is existing, >> so please apply this patch on top of this feature. >> https://commitfest.postgresql.org/action/patch_view?id=1003 > > KaiGai, > > Could you please rebase this patch? > OK, please check the attached ones. Both patches were rebased to the latest master branch, thus, once either of them got committed, another one has to be rebased later. Please also pay attention security policy module for regression test was also adjusted for these features. Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>