Re: table partitioning and access privileges
Fujii Masao <masao.fujii@gmail.com>
From: Fujii Masao <masao.fujii@gmail.com>
To: Amit Langote <amitlangote09@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2020-01-10T01:29:35Z
Lists: pgsql-hackers
On Tue, Jan 7, 2020 at 5:15 PM Amit Langote <amitlangote09@gmail.com> wrote: > > On Fri, Dec 27, 2019 at 4:26 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Fujii Masao <masao.fujii@gmail.com> writes: > > > My customer reported me that the queries through a partitioned table > > > ignore each partition's SELECT, INSERT, UPDATE, and DELETE privileges, > > > on the other hand, only TRUNCATE privilege specified for each partition > > > is applied. I'm not sure if this behavior is expected or not. But anyway > > > is it better to document that? For example, > > > > > Access privileges may be defined and removed separately for each partition. > > > But note that queries through a partitioned table ignore each partition's > > > SELECT, INSERT, UPDATE and DELETE privileges, and apply only TRUNCATE one. > > > > I believe it's intentional that we only check access privileges on > > the table explicitly named in the query. So I'd say SELECT etc > > are doing the right thing, and if TRUNCATE isn't in step with them > > that's a bug to fix, not something to document. > > I tend to agree that TRUNCATE's permission model for inheritance > should be consistent with that for the other commands. How about the > attached patch toward that end? Thanks for the patch! The patch basically looks good to me. +GRANT SELECT (f1, fz), UPDATE (fz) ON atestc TO regress_priv_user2; +REVOKE TRUNCATE ON atestc FROM regress_priv_user2; These seem not to be necessary for the test. BTW, I found that LOCK TABLE on the parent table checks the permission of its child tables. This also needs to be fixed (as a separate patch)? Regards, -- Fujii Masao
Commits
-
Make inherited LOCK TABLE perform access permission checks on parent table only.
- b7e51b350c4e 13.0 landed
-
Add note about access permission checks by inherited TRUNCATE and LOCK TABLE.
- bf1840255123 9.4.26 landed
- 990acfc656c0 9.5.21 landed
- ebf273000a57 9.6.17 landed
- 87f738dafbe1 10.12 landed
- 0d233f458ff6 11.7 landed
- 4988d7e96953 12.2 landed
-
Revert commit 56bc82a511.
- d034ab0bb2ae 9.4.26 landed
-
Revert commit 606f350de9.
- dc06d0839a33 9.5.21 landed
-
Revert commit 928e755d22.
- c15b17f9276e 9.6.17 landed
-
Revert commit 4b96c03a0a.
- 8b1a6499d055 10.12 landed
-
Revert commit a5b652f3a0.
- ea7857dddb54 11.7 landed
-
Revert commit de0177788b.
- 0d9f307cf82a 12.2 landed
-
Make inherited TRUNCATE perform access permission checks on parent table only.
- 56bc82a51117 9.4.26 landed
- 606f350de92a 9.5.21 landed
- 928e755d22de 9.6.17 landed
- 4b96c03a0a2a 10.12 landed
- a5b652f3a011 11.7 landed
- de0177788bf3 12.2 landed
- e6f1e560e4c6 13.0 landed
-
Regression tests for LOCK TABLE.
- ac33c7e2c130 9.4.0 cited