[sepgsql 3/3] Add db_procedure:execute permission checks

Kohei KaiGai <kaigai@kaigai.gr.jp>

From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: PgHacker <pgsql-hackers@postgresql.org>
Date: 2013-01-15T20:46:46Z
Lists: pgsql-hackers

Attachments

This patch adds sepgsql support for permission checks almost
equivalent to the existing FUNCTION EXECUTE privilege.

This feature is constructed on new OAT_FUNCTION_EXEC event
type being invoked around pg_proc_aclcheck() except for cases
when function's permissions are checked during CREATE or
ALTER commands. (Extension can handle these cases on
OAT_POST_CREATE or OAT_POST_ALTER hooks if needed.)

This patch assumes db_schema:{search} patch is applied on top.
So, please also check the patches below...
https://commitfest.postgresql.org/action/patch_view?id=1003
https://commitfest.postgresql.org/action/patch_view?id=1065

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

Commits

  1. Allow extracting machine-readable object identity