NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit6aaaa76

committed

Allow GRANTED BY clause in normal GRANT and REVOKE statements

The SQL standard allows a GRANTED BY clause on GRANT andREVOKE (privilege) statements that can specify CURRENT_USER orCURRENT_ROLE. In PostgreSQL, both of these are the default behavior.Since we already have all the parsing support for this for theGRANT (role) statement, we might as well add basic support for thisfor the privilege variant as well. This allows us to check off SQLfeature T332. In the future, perhaps more interesting things could bedone with this, too.Reviewed-by: Simon Riggs <simon@2ndquadrant.com>Discussion:https://www.postgresql.org/message-id/flat/f2feac44-b4c5-f38f-3699-2851d6a76dc9@2ndquadrant.com

1 parent7da8341 commit6aaaa76Copy full SHA for 6aaaa76

File tree

10 files changed

+71

-13

lines changed

doc/src/sgml/ref
- grant.sgml
- revoke.sgml
src
- backend
  - catalog
    - aclchk.c
    - sql_features.txt
  - nodes
    - copyfuncs.c
    - equalfuncs.c
  - parser
    - gram.y
- include/nodes
  - parsenodes.h
- test/regress
  - expected
    - privileges.out
  - sql
    - privileges.sql

10 files changed

+71

-13

lines changed

`‎doc/src/sgml/ref/grant.sgml`

Lines changed: 22 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -26,58 +26,71 @@ GRANT { { SELECT \| INSERT \| UPDATE \| DELETE \| TRUNCATE \| REFERENCES \| TRIGGER }`
`26`	`26`	`ON { [ TABLE ] <replaceable class="parameter">table_name</replaceable> [, ...]`
`27`	`27`	`\| ALL TABLES IN SCHEMA <replaceable class="parameter">schema_name</replaceable> [, ...] }`
`28`	`28`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`29`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`29`	`30`
`30`	`31`	`GRANT { { SELECT \| INSERT \| UPDATE \| REFERENCES } ( <replaceable class="parameter">column_name</replaceable> [, ...] )`
`31`	`32`	`[, ...] \| ALL [ PRIVILEGES ] ( <replaceable class="parameter">column_name</replaceable> [, ...] ) }`
`32`	`33`	`ON [ TABLE ] <replaceable class="parameter">table_name</replaceable> [, ...]`
`33`	`34`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`35`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`34`	`36`
`35`	`37`	`GRANT { { USAGE \| SELECT \| UPDATE }`
`36`	`38`	`[, ...] \| ALL [ PRIVILEGES ] }`
`37`	`39`	`ON { SEQUENCE <replaceable class="parameter">sequence_name</replaceable> [, ...]`
`38`	`40`	`\| ALL SEQUENCES IN SCHEMA <replaceable class="parameter">schema_name</replaceable> [, ...] }`
`39`	`41`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`42`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`40`	`43`
`41`	`44`	`GRANT { { CREATE \| CONNECT \| TEMPORARY \| TEMP } [, ...] \| ALL [ PRIVILEGES ] }`
`42`	`45`	`ON DATABASE <replaceable>database_name</replaceable> [, ...]`
`43`	`46`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`47`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`44`	`48`
`45`	`49`	`GRANT { USAGE \| ALL [ PRIVILEGES ] }`
`46`	`50`	`ON DOMAIN <replaceable>domain_name</replaceable> [, ...]`
`47`	`51`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`52`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`48`	`53`
`49`	`54`	`GRANT { USAGE \| ALL [ PRIVILEGES ] }`
`50`	`55`	`ON FOREIGN DATA WRAPPER <replaceable>fdw_name</replaceable> [, ...]`
`51`	`56`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`57`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`52`	`58`
`53`	`59`	`GRANT { USAGE \| ALL [ PRIVILEGES ] }`
`54`	`60`	`ON FOREIGN SERVER <replaceable>server_name</replaceable> [, ...]`
`55`	`61`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`62`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`56`	`63`
`57`	`64`	`GRANT { EXECUTE \| ALL [ PRIVILEGES ] }`
`58`	`65`	`ON { { FUNCTION \| PROCEDURE \| ROUTINE } <replaceable>routine_name</replaceable> [ ( [ [ <replaceable class="parameter">argmode</replaceable> ] [ <replaceable class="parameter">arg_name</replaceable> ] <replaceable class="parameter">arg_type</replaceable> [, ...] ] ) ] [, ...]`
`59`	`66`	`\| ALL { FUNCTIONS \| PROCEDURES \| ROUTINES } IN SCHEMA <replaceable class="parameter">schema_name</replaceable> [, ...] }`
`60`	`67`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`68`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`61`	`69`
`62`	`70`	`GRANT { USAGE \| ALL [ PRIVILEGES ] }`
`63`	`71`	`ON LANGUAGE <replaceable>lang_name</replaceable> [, ...]`
`64`	`72`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`73`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`65`	`74`
`66`	`75`	`GRANT { { SELECT \| UPDATE } [, ...] \| ALL [ PRIVILEGES ] }`
`67`	`76`	`ON LARGE OBJECT <replaceable class="parameter">loid</replaceable> [, ...]`
`68`	`77`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`78`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`69`	`79`
`70`	`80`	`GRANT { { CREATE \| USAGE } [, ...] \| ALL [ PRIVILEGES ] }`
`71`	`81`	`ON SCHEMA <replaceable>schema_name</replaceable> [, ...]`
`72`	`82`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`83`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`73`	`84`
`74`	`85`	`GRANT { CREATE \| ALL [ PRIVILEGES ] }`
`75`	`86`	`ON TABLESPACE <replaceable>tablespace_name</replaceable> [, ...]`
`76`	`87`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`88`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`77`	`89`
`78`	`90`	`GRANT { USAGE \| ALL [ PRIVILEGES ] }`
`79`	`91`	`ON TYPE <replaceable>type_name</replaceable> [, ...]`
`80`	`92`	`TO <replaceable class="parameter">role_specification</replaceable> [, ...] [ WITH GRANT OPTION ]`
	`93`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`81`	`94`
`82`	`95`	`GRANT <replaceable class="parameter">role_name</replaceable> [, ...] TO <replaceable class="parameter">role_specification</replaceable> [, ...]`
`83`	`96`	`[ WITH ADMIN OPTION ]`
`@@ -133,6 +146,12 @@ GRANT <replaceable class="parameter">role_name</replaceable> [, ...] TO <replace`
`133`	`146`	`to <literal>PUBLIC</literal>.`
`134`	`147`	`</para>`
`135`	`148`
	`149`	`+ <para>`
	`150`	`+ If <literal>GRANTED BY</literal> is specified, the specified grantor must`
	`151`	`+ be the current user. This clause is currently present in this form only`
	`152`	`+ for SQL compatibility.`
	`153`	`+ </para>`
	`154`	`+`
`136`	`155`	`<para>`
`137`	`156`	`There is no need to grant privileges to the owner of an object`
`138`	`157`	`(usually the user that created it),`
`@@ -410,9 +429,9 @@ GRANT admins TO joe;`
`410`	`429`
`411`	`430`	`<para>`
`412`	`431`	`The SQL standard allows the <literal>GRANTED BY</literal> option to`
`413`		`-be used in all forms of <command>GRANT</command>. PostgreSQL only`
`414`		`-supports it when granting role membership, and even then only superusers`
`415`		`-may use it in nontrivial ways.`
	`432`	`+specify only <literal>CURRENT_USER</literal> or`
	`433`	`+<literal>CURRENT_ROLE</literal>. The other variants are PostgreSQL`
	`434`	`+extensions.`
`416`	`435`	`</para>`
`417`	`436`
`418`	`437`	`<para>`

`‎doc/src/sgml/ref/revoke.sgml`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,13 +27,15 @@ REVOKE [ GRANT OPTION FOR ]`
`27`	`27`	`ON { [ TABLE ] <replaceable class="parameter">table_name</replaceable> [, ...]`
`28`	`28`	`\| ALL TABLES IN SCHEMA <replaceable>schema_name</replaceable> [, ...] }`
`29`	`29`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`30`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`30`	`31`	`[ CASCADE \| RESTRICT ]`
`31`	`32`
`32`	`33`	`REVOKE [ GRANT OPTION FOR ]`
`33`	`34`	`{ { SELECT \| INSERT \| UPDATE \| REFERENCES } ( <replaceable class="parameter">column_name</replaceable> [, ...] )`
`34`	`35`	`[, ...] \| ALL [ PRIVILEGES ] ( <replaceable class="parameter">column_name</replaceable> [, ...] ) }`
`35`	`36`	`ON [ TABLE ] <replaceable class="parameter">table_name</replaceable> [, ...]`
`36`	`37`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`38`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`37`	`39`	`[ CASCADE \| RESTRICT ]`
`38`	`40`
`39`	`41`	`REVOKE [ GRANT OPTION FOR ]`
`@@ -42,67 +44,78 @@ REVOKE [ GRANT OPTION FOR ]`
`42`	`44`	`ON { SEQUENCE <replaceable class="parameter">sequence_name</replaceable> [, ...]`
`43`	`45`	`\| ALL SEQUENCES IN SCHEMA <replaceable>schema_name</replaceable> [, ...] }`
`44`	`46`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`47`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`45`	`48`	`[ CASCADE \| RESTRICT ]`
`46`	`49`
`47`	`50`	`REVOKE [ GRANT OPTION FOR ]`
`48`	`51`	`{ { CREATE \| CONNECT \| TEMPORARY \| TEMP } [, ...] \| ALL [ PRIVILEGES ] }`
`49`	`52`	`ON DATABASE <replaceable>database_name</replaceable> [, ...]`
`50`	`53`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`54`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`51`	`55`	`[ CASCADE \| RESTRICT ]`
`52`	`56`
`53`	`57`	`REVOKE [ GRANT OPTION FOR ]`
`54`	`58`	`{ USAGE \| ALL [ PRIVILEGES ] }`
`55`	`59`	`ON DOMAIN <replaceable>domain_name</replaceable> [, ...]`
`56`	`60`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`61`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`57`	`62`	`[ CASCADE \| RESTRICT ]`
`58`	`63`
`59`	`64`	`REVOKE [ GRANT OPTION FOR ]`
`60`	`65`	`{ USAGE \| ALL [ PRIVILEGES ] }`
`61`	`66`	`ON FOREIGN DATA WRAPPER <replaceable>fdw_name</replaceable> [, ...]`
`62`	`67`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`68`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`63`	`69`	`[ CASCADE \| RESTRICT ]`
`64`	`70`
`65`	`71`	`REVOKE [ GRANT OPTION FOR ]`
`66`	`72`	`{ USAGE \| ALL [ PRIVILEGES ] }`
`67`	`73`	`ON FOREIGN SERVER <replaceable>server_name</replaceable> [, ...]`
`68`	`74`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`75`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`69`	`76`	`[ CASCADE \| RESTRICT ]`
`70`	`77`
`71`	`78`	`REVOKE [ GRANT OPTION FOR ]`
`72`	`79`	`{ EXECUTE \| ALL [ PRIVILEGES ] }`
`73`	`80`	`ON { { FUNCTION \| PROCEDURE \| ROUTINE } <replaceable>function_name</replaceable> [ ( [ [ <replaceable class="parameter">argmode</replaceable> ] [ <replaceable class="parameter">arg_name</replaceable> ] <replaceable class="parameter">arg_type</replaceable> [, ...] ] ) ] [, ...]`
`74`	`81`	`\| ALL { FUNCTIONS \| PROCEDURES \| ROUTINES } IN SCHEMA <replaceable>schema_name</replaceable> [, ...] }`
`75`	`82`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`83`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`76`	`84`	`[ CASCADE \| RESTRICT ]`
`77`	`85`
`78`	`86`	`REVOKE [ GRANT OPTION FOR ]`
`79`	`87`	`{ USAGE \| ALL [ PRIVILEGES ] }`
`80`	`88`	`ON LANGUAGE <replaceable>lang_name</replaceable> [, ...]`
`81`	`89`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`90`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`82`	`91`	`[ CASCADE \| RESTRICT ]`
`83`	`92`
`84`	`93`	`REVOKE [ GRANT OPTION FOR ]`
`85`	`94`	`{ { SELECT \| UPDATE } [, ...] \| ALL [ PRIVILEGES ] }`
`86`	`95`	`ON LARGE OBJECT <replaceable class="parameter">loid</replaceable> [, ...]`
`87`	`96`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`97`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`88`	`98`	`[ CASCADE \| RESTRICT ]`
`89`	`99`
`90`	`100`	`REVOKE [ GRANT OPTION FOR ]`
`91`	`101`	`{ { CREATE \| USAGE } [, ...] \| ALL [ PRIVILEGES ] }`
`92`	`102`	`ON SCHEMA <replaceable>schema_name</replaceable> [, ...]`
`93`	`103`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`104`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`94`	`105`	`[ CASCADE \| RESTRICT ]`
`95`	`106`
`96`	`107`	`REVOKE [ GRANT OPTION FOR ]`
`97`	`108`	`{ CREATE \| ALL [ PRIVILEGES ] }`
`98`	`109`	`ON TABLESPACE <replaceable>tablespace_name</replaceable> [, ...]`
`99`	`110`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`111`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`100`	`112`	`[ CASCADE \| RESTRICT ]`
`101`	`113`
`102`	`114`	`REVOKE [ GRANT OPTION FOR ]`
`103`	`115`	`{ USAGE \| ALL [ PRIVILEGES ] }`
`104`	`116`	`ON TYPE <replaceable>type_name</replaceable> [, ...]`
`105`	`117`	`FROM <replaceable class="parameter">role_specification</replaceable> [, ...]`
	`118`	`+ [ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]`
`106`	`119`	`[ CASCADE \| RESTRICT ]`
`107`	`120`
`108`	`121`	`REVOKE [ ADMIN OPTION FOR ]`

`‎src/backend/catalog/aclchk.c`

Lines changed: 16 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -363,6 +363,22 @@ ExecuteGrantStmt(GrantStmt *stmt)`
`363`	`363`	`constchar*errormsg;`
`364`	`364`	`AclModeall_privileges;`
`365`	`365`
	`366`	`+if (stmt->grantor)`
	`367`	`+{`
	`368`	`+Oidgrantor;`
	`369`	`+`
	`370`	`+grantor=get_rolespec_oid(stmt->grantor, false);`
	`371`	`+`
	`372`	`+/*`
	`373`	`+ * Currently, this clause is only for SQL compatibility, not very`
	`374`	`+ * interesting otherwise.`
	`375`	`+ */`
	`376`	`+if (grantor!=GetUserId())`
	`377`	`+ereport(ERROR,`
	`378`	`+(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
	`379`	`+errmsg("grantor must be current user")));`
	`380`	`+}`
	`381`	`+`
`366`	`382`	`/*`
`367`	`383`	`* Turn the regular GrantStmt into the InternalGrant form.`
`368`	`384`	`*/`

`‎src/backend/catalog/sql_features.txt`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -475,7 +475,7 @@ T324Explicit security for SQL routinesNO`
`475`	`475`	`T325Qualified SQL parameter referencesYES`
`476`	`476`	`T326Table functionsNO`
`477`	`477`	`T331Basic rolesYES`
`478`		`-T332Extended rolesNOmostly supported`
	`478`	`+T332Extended rolesYES`
`479`	`479`	`T341Overloading of SQL-invoked functions and proceduresYES`
`480`	`480`	`T351Bracketed SQL comments (/.../ comments)YES`
`481`	`481`	`T431Extended grouping capabilitiesYES`

`‎src/backend/nodes/copyfuncs.c`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -3270,6 +3270,7 @@ _copyGrantStmt(const GrantStmt *from)`
`3270`	`3270`	`COPY_NODE_FIELD(privileges);`
`3271`	`3271`	`COPY_NODE_FIELD(grantees);`
`3272`	`3272`	`COPY_SCALAR_FIELD(grant_option);`
	`3273`	`+COPY_NODE_FIELD(grantor);`
`3273`	`3274`	`COPY_SCALAR_FIELD(behavior);`
`3274`	`3275`
`3275`	`3276`	`returnnewnode;`

`‎src/backend/nodes/equalfuncs.c`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1145,6 +1145,7 @@ _equalGrantStmt(const GrantStmt a, const GrantStmt b)`
`1145`	`1145`	`COMPARE_NODE_FIELD(privileges);`
`1146`	`1146`	`COMPARE_NODE_FIELD(grantees);`
`1147`	`1147`	`COMPARE_SCALAR_FIELD(grant_option);`
	`1148`	`+COMPARE_NODE_FIELD(grantor);`
`1148`	`1149`	`COMPARE_SCALAR_FIELD(behavior);`
`1149`	`1150`
`1150`	`1151`	`return true;`

`‎src/backend/parser/gram.y`

Lines changed: 8 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -6772,7 +6772,7 @@ opt_from_in:from_in`
`6772`	`6772`	`*****************************************************************************/`
`6773`	`6773`
`6774`	`6774`	`GrantStmt:GRANTprivilegesONprivilege_targetTOgrantee_list`
`6775`		`-opt_grant_grant_option`
	`6775`	`+opt_grant_grant_optionopt_granted_by`
`6776`	`6776`	`{`
`6777`	`6777`	`GrantStmt *n = makeNode(GrantStmt);`
`6778`	`6778`	`n->is_grant =true;`
`@@ -6782,13 +6782,14 @@ GrantStmt:GRANT privileges ON privilege_target TO grantee_list`
`6782`	`6782`	`n->objects = ($4)->objs;`
`6783`	`6783`	`n->grantees =$6;`
`6784`	`6784`	`n->grant_option =$7;`
	`6785`	`+n->grantor =$8;`
`6785`	`6786`	`$$ = (Node*)n;`
`6786`	`6787`	`}`
`6787`	`6788`	`;`
`6788`	`6789`
`6789`	`6790`	`RevokeStmt:`
`6790`	`6791`	`REVOKEprivilegesONprivilege_target`
`6791`		`-FROMgrantee_listopt_drop_behavior`
	`6792`	`+FROMgrantee_listopt_granted_byopt_drop_behavior`
`6792`	`6793`	`{`
`6793`	`6794`	`GrantStmt *n = makeNode(GrantStmt);`
`6794`	`6795`	`n->is_grant =false;`
`@@ -6798,11 +6799,12 @@ RevokeStmt:`
`6798`	`6799`	`n->objtype = ($4)->objtype;`
`6799`	`6800`	`n->objects = ($4)->objs;`
`6800`	`6801`	`n->grantees =$6;`
`6801`		`-n->behavior =$7;`
	`6802`	`+n->grantor =$7;`
	`6803`	`+n->behavior =$8;`
`6802`	`6804`	`$$ = (Node *)n;`
`6803`	`6805`	`}`
`6804`	`6806`	`\|REVOKEGRANTOPTIONFORprivilegesONprivilege_target`
`6805`		`-FROMgrantee_listopt_drop_behavior`
	`6807`	`+FROMgrantee_listopt_granted_byopt_drop_behavior`
`6806`	`6808`	`{`
`6807`	`6809`	`GrantStmt *n = makeNode(GrantStmt);`
`6808`	`6810`	`n->is_grant =false;`
`@@ -6812,7 +6814,8 @@ RevokeStmt:`
`6812`	`6814`	`n->objtype = ($7)->objtype;`
`6813`	`6815`	`n->objects = ($7)->objs;`
`6814`	`6816`	`n->grantees =$9;`
`6815`		`-n->behavior =$10;`
	`6817`	`+n->grantor =$10;`
	`6818`	`+n->behavior =$11;`
`6816`	`6819`	`$$ = (Node *)n;`
`6817`	`6820`	`}`
`6818`	`6821`	`;`

`‎src/include/nodes/parsenodes.h`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1949,6 +1949,7 @@ typedef struct GrantStmt`
`1949`	`1949`	`/* privileges == NIL denotes ALL PRIVILEGES */`
`1950`	`1950`	`Listgrantees;/ list of RoleSpec nodes */`
`1951`	`1951`	`boolgrant_option;/* grant or revoke grant option */`
	`1952`	`+RoleSpec*grantor;`
`1952`	`1953`	`DropBehaviorbehavior;/* drop behavior (for REVOKE) */`
`1953`	`1954`	`}GrantStmt;`
`1954`	`1955`

`‎src/test/regress/expected/privileges.out`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -70,8 +70,10 @@ SELECT * FROM atest1;`
`70`	`70`	`CREATE TABLE atest2 (col1 varchar(10), col2 boolean);`
`71`	`71`	`GRANT SELECT ON atest2 TO regress_priv_user2;`
`72`	`72`	`GRANT UPDATE ON atest2 TO regress_priv_user3;`
`73`		`-GRANT INSERT ON atest2 TO regress_priv_user4;`
`74`		`-GRANT TRUNCATE ON atest2 TO regress_priv_user5;`
	`73`	`+GRANT INSERT ON atest2 TO regress_priv_user4 GRANTED BY CURRENT_USER;`
	`74`	`+GRANT TRUNCATE ON atest2 TO regress_priv_user5 GRANTED BY CURRENT_ROLE;`
	`75`	`+GRANT TRUNCATE ON atest2 TO regress_priv_user4 GRANTED BY regress_priv_user5; -- error`
	`76`	`+ERROR: grantor must be current user`
`75`	`77`	`SET SESSION AUTHORIZATION regress_priv_user2;`
`76`	`78`	`SELECT session_user, current_user;`
`77`	`79`	`session_user \| current_user`

`‎src/test/regress/sql/privileges.sql`

Lines changed: 4 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -64,8 +64,10 @@ SELECT * FROM atest1;`
`64`	`64`	`CREATETABLEatest2 (col1varchar(10), col2boolean);`
`65`	`65`	`GRANTSELECTON atest2 TO regress_priv_user2;`
`66`	`66`	`GRANTUPDATEON atest2 TO regress_priv_user3;`
`67`		`-GRANT INSERTON atest2 TO regress_priv_user4;`
`68`		`-GRANT TRUNCATEON atest2 TO regress_priv_user5;`
	`67`	`+GRANT INSERTON atest2 TO regress_priv_user4 GRANTED BYCURRENT_USER;`
	`68`	`+GRANT TRUNCATEON atest2 TO regress_priv_user5 GRANTED BY CURRENT_ROLE;`
	`69`	`+`
	`70`	`+GRANT TRUNCATEON atest2 TO regress_priv_user4 GRANTED BY regress_priv_user5;-- error`
`69`	`71`
`70`	`72`
`71`	`73`	`SET SESSION AUTHORIZATION regress_priv_user2;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6aaaa76

File tree

10 files changed

10 files changed

`‎doc/src/sgml/ref/grant.sgml`

`‎doc/src/sgml/ref/revoke.sgml`

`‎src/backend/catalog/aclchk.c`

`‎src/backend/catalog/sql_features.txt`

`‎src/backend/nodes/copyfuncs.c`

`‎src/backend/nodes/equalfuncs.c`

`‎src/backend/parser/gram.y`

`‎src/include/nodes/parsenodes.h`

`‎src/test/regress/expected/privileges.out`

`‎src/test/regress/sql/privileges.sql`

0 commit comments