Re: proposal: schema variables
Pavel Stehule <pavel.stehule@gmail.com>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Move WAL sequence code into its own file
- a87987cafca6 19 (unreleased) cited
-
Add ExplainState argument to pg_plan_query() and planner().
- c83ac02ec730 19 (unreleased) cited
-
Don't include access/htup_details.h in executor/tuptable.h
- 1a8b5b11e48a 19 (unreleased) cited
-
Refactor to avoid code duplication in transformPLAssignStmt.
- b0fb2c6aa5a4 19 (unreleased) cited
-
Avoid including commands/dbcommands.h in so many places
- 325fc0ab14d1 19 (unreleased) cited
-
Restrict psql meta-commands in plain-text dumps.
- 71ea0d679543 19 (unreleased) cited
-
Split func.sgml into more manageable pieces
- 4e23c9ef65ac 19 (unreleased) cited
-
Fix squashing algorithm for query texts
- 0f65f3eec478 18.0 cited
-
EXPLAIN: Always use two fractional digits for row counts.
- 95dbd827f2ed 18.0 cited
-
Preliminary refactoring of plpgsql expression construction.
- a654af21ae52 18.0 cited
-
plpgsql: pure parser and reentrant scanner
- 7b27f5fd36cb 18.0 cited
-
Add some sanity checks in executor for query ID reporting
- 24f520594809 18.0 cited
-
Fix misleading error message context
- 4af123ad45bd 18.0 cited
-
Add macros for looping through a List without a ListCell.
- 14dd0f27d7cd 17.0 cited
Attachments
- v20241219-0021-transactional-variables.patch (text/x-patch) patch v20241219-0021
- v20241219-0018-plpgsql-implementation-for-LET-statement.patch (text/x-patch) patch v20241219-0018
- v20241219-0022-pg_restore-A-variable.patch (text/x-patch) patch v20241219-0022
- v20241219-0019-expression-with-session-variables-can-be-inlined.patch (text/x-patch) patch v20241219-0019
- v20241219-0020-this-patch-changes-error-message-column-doesn-t-exis.patch (text/x-patch) patch v20241219-0020
- v20241219-0017-allow-parallel-execution-queries-with-session-variab.patch (text/x-patch) patch v20241219-0017
- v20241219-0016-allow-read-an-value-of-session-variable-directly-fro.patch (text/x-patch) patch v20241219-0016
- v20241219-0015-Implementation-of-NOT-NULL-and-IMMUTABLE-clauses.patch (text/x-patch) patch v20241219-0015
- v20241219-0013-Implementation-ON-TRANSACTION-END-RESET-clause.patch (text/x-patch) patch v20241219-0013
- v20241219-0012-implementation-of-temporary-session-variables.patch (text/x-patch) patch v20241219-0012
- v20241219-0014-Implementation-of-DEFAULT-clause-default-expressions.patch (text/x-patch) patch v20241219-0014
- v20241219-0011-PREPARE-LET-support.patch (text/x-patch) patch v20241219-0011
- v20241219-0010-EXPLAIN-LET-support.patch (text/x-patch) patch v20241219-0010
- v20241219-0009-dynamic-check-of-usage-of-session-variable-fences.patch (text/x-patch) patch v20241219-0009
- v20241219-0006-plpgsql-tests.patch (text/x-patch) patch v20241219-0006
- v20241219-0007-GUC-session_variables_ambiguity_warning.patch (text/x-patch) patch v20241219-0007
- v20241219-0008-variable-fence-syntax-support-and-variable-fence-usa.patch (text/x-patch) patch v20241219-0008
- v20241219-0005-memory-cleaning-after-DROP-VARIABLE.patch (text/x-patch) patch v20241219-0005
- v20241219-0004-DISCARD-VARIABLES.patch (text/x-patch) patch v20241219-0004
- v20241219-0003-function-pg_session_variables-for-cleaning-tests.patch (text/x-patch) patch v20241219-0003
- v20241219-0002-Storage-for-session-variables-and-SQL-interface.patch (text/x-patch) patch v20241219-0002
- v20241219-0001-Enhancing-catalog-for-support-session-variables-and-.patch (text/x-patch) patch v20241219-0001
st 18. 12. 2024 v 4:00 odesílatel jian he <jian.universality@gmail.com>
napsal:
> hi.
>
> /*
> * has_session_variable_privilege variants
> * These are all named "has_session_variable_privilege" at the SQL
> level.
> * They take various combinations of variable name, variable OID,
> * user name, user OID, or implicit user = current_user.
> *
> * The result is a boolean value: true if user has the indicated
> * privilege, false if not. The variants that take a relation OID
> * return NULL if the OID doesn't exist.
> */
> /*
> * has_session_variable_privilege_name_name
> * Check user privileges on a session variable given
> * name username, text sessin variable name, and text priv name.
> */
> "The variants that take a relation OID return NULL if the OID doesn't
> exist."
> should it be
> "The variants that take an OID type return NULL if the OID doesn't exist."
> ?
>
yes, this comment was wrong, and I fixed it
*<><-->The result is a boolean value: true if user has the indicated
*<><-->privilege, false if not, or NULL if session variable doesn't
*<><-->exists.
>
> typo, "sessin" should be "session".
>
fixed
> ----------------<<<>>>>-------------------
> <sect1 id="ddl-session-variables">
> <title>Session Variables</title>
> only mentioned that "Session variables themselves are persistent, but their
> values are neither persistent nor shared (like the content of temporary
> tables).
> "
> I feel like this sentence is not that explicit. we actually want to say
> "Once a session exits, the variable value is reset to NULL, one
> session cannot see another session variable value."
>
This is not fully true. I wrote new paragraph there
<para>
The session variable holds a value in session memory. This value is
private
to each session and is released when the session ends.
</para>
>
> + <para>
> + A persistent database object that holds a value in session memory.
> This
> + value is private to each session and is released when the session
> ends.
> + Read or write access to session variables is controlled by
> privileges,
> + similar to other database objects.
> + </para>
> i do like this description in glossary.sgml.
> maybe we can copy it and put it to ddl.sgml "<sect1
> id="ddl-session-variables">
>
ok - I did it
----------------<<<>>>>-------------------
> REVOKE [ GRANT OPTION FOR ]
> { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }
> ON { VARIABLE <replaceable>variable_name</replaceable> [, ...]
> | ALL VARIABLES IN SCHEMA <replaceable
> class="parameter">schema_name</replaceable> [, ...] }
> FROM { [ GROUP ] <replaceable
> class="parameter">role_specification</replaceable> | PUBLIC } [, ...]
> [ GRANTED BY <replaceable
> class="parameter">role_specification</replaceable> ]
> [ CASCADE | RESTRICT ]
> revoke, seems still not right.
> since with this, we can say:
> REVOKE ALL PRIVILEGES ON VARIABLE v1 FROM group group alice CASCADE;
>
> i think the correct one should be:
> REVOKE [ GRANT OPTION FOR ]
> { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }
> ON { VARIABLE <replaceable>variable_name</replaceable> [, ...]
> | ALL VARIABLES IN SCHEMA <replaceable
> class="parameter">schema_name</replaceable> [, ...] }
> FROM <replaceable class="parameter">role_specification</replaceable>
> [, ...]
> [ GRANTED BY <replaceable
> class="parameter">role_specification</replaceable> ]
> [ CASCADE | RESTRICT ]
>
fixed
>
> ----------------<<<>>>>-------------------
> <programlisting>
> CREATE VARIABLE public.current_user_id AS integer;
> GRANT READ ON VARIABLE public.current_user_id TO PUBLIC;
> LET current_user_id = (SELECT id FROM users WHERE usename = session_user);
> SELECT current_user_id;
> </programlisting>
> "GRANT READ" should be "GRANT SELECT".
>
fixed - note it is from second patch
> ----------------<<<>>>>-------------------
> doc/src/sgml/ref/alter_default_privileges.sgml
> GRANT { SELECT | UPDATE | ALL [ PRIVILEGES ] }
> ON VARIABLES
> TO { [ GROUP ] <replaceable
> class="parameter">role_name</replaceable> | PUBLIC } [, ...] [ WITH
> GRANT OPTION ]
> the above part is wrong?
> should be:
> GRANT { { SELECT | UPDATE } [,...]
> | ALL [ PRIVILEGES ] }
> ON VARIABLES
> TO { [ GROUP ] <replaceable
> class="parameter">role_name</replaceable> | PUBLIC } [, ...] [ WITH
> GRANT OPTION ]
>
> since we can:
> ALTER DEFAULT PRIVILEGES
> FOR ROLE alice
> IN SCHEMA svartest
> GRANT SELECT, UPDATE ON VARIABLES TO bob;
>
fixed
> ----------------<<<>>>>-----------------------------
> CREATE VARIABLE IF NOT EXISTS v2 AS comp;
> grant update on variable v2 to alice;
> set role alice;
> LET v2.a = 12; --acl permission error
> LET v2.b = 12; --acl permission error
> LET v2 = (11,12); --ok.
>
>
> not sure this is the desired behavior, for composite type variables, you
> are
> allowed to change all the values, but you are not allowed to update the
> field
> value of the composite. The following are normal table test update cases.
>
> create type comp as (a int, b int);
> create table t2(a comp);
> insert into t2 select '(11,12)';
> grant update (a ) on t2 to alice;
> set role alice;
> update t2 set a.a = 13; --ok
> update t2 set a.b = 13; --ok
> update t2 set a = '(11,13)'; --ok
>
I think this is a bug, but I need more time for investigation. For field
update you need to read the content
the variable, but you are missing SELECT right on the variable, and then
the LET fails. Unfortunately
this is done inside the executor, so it is harder to fix it.
> ----------------<<<>>>>-----------------------------
> domain seems to have an issue.
>
> CREATE domain d1 AS int;
> CREATE VARIABLE var1 AS d1;
> let var1 = 3;
> --this should fail?.
> alter domain d1 add check (value <> 3);
> select var1;
> ERROR: value for domain d1 violates check constraint "d1_check"
>
I fixed it
CREATE DOMAIN testvar_domain AS int;
CREATE VARIABLE var1 AS testvar_domain;
(2024-12-18 21:21:15) postgres=# ALTER DOMAIN testvar_domain ADD
CHECK(value <> 100);
ERROR: cannot alter domain "testvar_domain" because session variable
"public.var1" uses it
Unfortunately I cannot force constraint check validation in other sessions,
so the most safe solution for now is
restriction of this ALTER when domain is used by some variable. I wrote
regress tests for this.
Note: looks so validation of domain check constraints doesn't work for
temporary tables (what is expected,
not sure if it is documented).
----------------<<<>>>>-----------------------------
> doc/src/sgml/ref/alter_variable.sgml
> <title>Parameters</title> section, the order should
> be: name, new_owner, new_name, new_schema?
>
changed
>
> I am beginning to look around 0002.
>
Thank you very much
Regards
Pavel