NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit8adf56f

committed

Privileges on functions and procedural languages

1 parent5e03503 commit8adf56fCopy full SHA for 8adf56f

File tree

35 files changed

+2320

-1529

lines changed

doc/src/sgml
src
- backend
  - catalog
    - aclchk.c
    - pg_proc.c
  - commands
    - define.c
    - proclang.c
  - executor
    - execQual.c
  - nodes
    - copyfuncs.c
    - equalfuncs.c
  - parser
    - gram.y
    - keywords.c
  - utils
    - Gen_fmgrtab.sh
    - adt
      - acl.c
      - sets.c
    - cache
      - fcache.c
    - misc
      - superuser.c
- bin
  - initdb
    - initdb.sh
  - scripts
    - createlang.sh
- include
  - catalog
  - miscadmin.h
  - nodes
    - nodes.h
    - parsenodes.h
  - parser
    - keywords.h
  - utils
    - acl.h
    - fcache.h
- test/regress
  - expected
    - privileges.out
  - sql
    - privileges.sql

35 files changed

+2320

-1529

lines changed

`‎doc/src/sgml/catalogs.sgml`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`<!--`
`2`	`2`	`Documentation of the system catalogs, directed toward PostgreSQL developers`
`3`		`- $Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.29 2001/11/21 05:53:40 thomas Exp $`
	`3`	`+ $Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.30 2002/02/18 23:10:59 petere Exp $`
`4`	`4`	`-->`
`5`	`5`
`6`	`6`	`<chapter id="catalogs">`
`@@ -1261,6 +1261,13 @@`
`1261`	`1261`	`<entry></entry>`
`1262`	`1262`	`<entry>not currently used</entry>`
`1263`	`1263`	`</row>`
	`1264`	`+`
	`1265`	`+ <row>`
	`1266`	`+ <entry>lanacl</entry>`
	`1267`	`+ <entry><type>aclitem[]</type></entry>`
	`1268`	`+ <entry></entry>`
	`1269`	`+ <entry>Access permissions</entry>`
	`1270`	`+ </row>`
`1264`	`1271`	`</tbody>`
`1265`	`1272`	`</tgroup>`
`1266`	`1273`	`</table>`
`@@ -1699,6 +1706,13 @@`
`1699`	`1706`	`Again, the interpretation is language-specific.`
`1700`	`1707`	`</entry>`
`1701`	`1708`	`</row>`
	`1709`	`+`
	`1710`	`+ <row>`
	`1711`	`+ <entry>proacl</entry>`
	`1712`	`+ <entry><type>aclitem[]</type></entry>`
	`1713`	`+ <entry></entry>`
	`1714`	`+ <entry>Access permissions</entry>`
	`1715`	`+ </row>`
`1702`	`1716`	`</tbody>`
`1703`	`1717`	`</tgroup>`
`1704`	`1718`	`</table>`

`‎doc/src/sgml/ref/create_function.sgml`

Lines changed: 14 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.30 2001/12/08 03:24:34 thomas Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.31 2002/02/18 23:11:02 petere Exp $`
`3`	`3`	`-->`
`4`	`4`
`5`	`5`	`<refentry id="SQL-CREATEFUNCTION">`
`@@ -270,6 +270,17 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable>`
`270`	`270`	`definition without breaking objects that refer to the function.`
`271`	`271`	`</para>`
`272`	`272`
	`273`	`+ <para>`
	`274`	`+ To be able to define a function, the user must have the`
	`275`	`+ <literal>USAGE</literal> privilege on the language.`
	`276`	`+ </para>`
	`277`	`+`
	`278`	`+ <para>`
	`279`	`+ By default, only the owner (creator) of the function has the right`
	`280`	`+ to execute it. Other users must be granted the`
	`281`	`+ <literal>EXECUTE</literal> privilege on the function to be able to`
	`282`	`+ use it.`
	`283`	`+ </para>`
`273`	`284`	`</refsect1>`
`274`	`285`
`275`	`286`
`@@ -369,7 +380,9 @@ Point * complex_to_point (Complex *z)`
`369`	`380`
`370`	`381`	`<para>`
`371`	`382`	`<xref linkend="sql-dropfunction">,`
	`383`	`+ <xref linkend="sql-grant">,`
`372`	`384`	`<xref linkend="sql-load">,`
	`385`	`+ <xref linkend="sql-revoke">,`
`373`	`386`	`<citetitle>PostgreSQL Programmer's Guide</citetitle>`
`374`	`387`	`</para>`
`375`	`388`	`</refsect1>`

`‎doc/src/sgml/ref/create_language.sgml`

Lines changed: 12 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_language.sgml,v 1.20 2001/12/08 03:24:34 thomas Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_language.sgml,v 1.21 2002/02/18 23:11:02 petere Exp $`
`3`	`3`	`PostgreSQL documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -203,15 +203,22 @@ ERROR: PL handler function <replaceable class="parameter">funcname</replaceable`
`203`	`203`	`lanname \| lanispl \| lanpltrusted \| lanplcallfoid \| lancompiler`
`204`	`204`	`-------------+---------+--------------+---------------+-------------`
`205`	`205`	`internal \| f \| f \| 0 \| n/a`
`206`		`-C \| f \| f \| 0 \| /bin/cc`
`207`		`- sql \| f \|f \| 0 \| postgres`
	`206`	`+c \| f \| f \| 0 \| /bin/cc`
	`207`	`+ sql \| f \|t \| 0 \| postgres`
`208`	`208`	`</screen>`
`209`	`209`	`</para>`
`210`	`210`
`211`	`211`	`<para>`
`212`	`212`	`At present, the definition of a procedural language cannot be`
`213`	`213`	`changed once it has been created.`
`214`	`214`	`</para>`
	`215`	`+`
	`216`	`+ <para>`
	`217`	`+ To be able to use a procedural language, a user must be granted the`
	`218`	`+ <literal>USAGE</literal> privilege. The`
	`219`	`+ <command>createlang</command> program automatically grants`
	`220`	`+ permissions to everyone if the language is known to be trusted.`
	`221`	`+ </para>`
`215`	`222`	`</refsect1>`
`216`	`223`
`217`	`224`	`<refsect1 id="sql-createlanguage-examples">`
`@@ -257,6 +264,8 @@ CREATE LANGUAGE plsample`
`257`	`264`	`<member><xref linkend="sql-createfunction"></member>`
`258`	`265`	`<member><xref linkend="app-droplang"></member>`
`259`	`266`	`<member><xref linkend="sql-droplanguage"></member>`
	`267`	`+ <member><xref linkend="sql-grant"></member>`
	`268`	`+ <member><xref linkend="sql-revoke"></member>`
`260`	`269`	`<member><citetitle>PostgreSQL Programmer's Guide</citetitle></member>`
`261`	`270`	`</simplelist>`
`262`	`271`	`</para>`

`‎doc/src/sgml/ref/grant.sgml`

Lines changed: 38 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.19 2002/01/20 22:19:57 petere Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.20 2002/02/18 23:11:02 petere Exp $`
`3`	`3`	`PostgreSQL documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -19,6 +19,14 @@ PostgreSQL documentation`
`19`	`19`	`GRANT { { SELECT \| INSERT \| UPDATE \| DELETE \| RULE \| REFERENCES \| TRIGGER } [,...] \| ALL [ PRIVILEGES ] }`
`20`	`20`	`ON [ TABLE ] <replaceable class="PARAMETER">objectname</replaceable> [, ...]`
`21`	`21`	`TO { <replaceable class="PARAMETER">username</replaceable> \| GROUP <replaceable class="PARAMETER">groupname</replaceable> \| PUBLIC } [, ...]`
	`22`	`+`
	`23`	`+GRANT { EXECUTE \| ALL [ PRIVILEGES ] }`
	`24`	`+ ON FUNCTION <replaceable>funcname</replaceable> ([<replaceable>type</replaceable>, ...]) [, ...]`
	`25`	`+ TO { <replaceable class="PARAMETER">username</replaceable> \| GROUP <replaceable class="PARAMETER">groupname</replaceable> \| PUBLIC } [, ...]`
	`26`	`+`
	`27`	`+GRANT { USAGE \| ALL [ PRIVILEGES ] }`
	`28`	`+ ON LANGUAGE <replaceable>langname</replaceable> [, ...]`
	`29`	`+ TO { <replaceable class="PARAMETER">username</replaceable> \| GROUP <replaceable class="PARAMETER">groupname</replaceable> \| PUBLIC } [, ...]`
`22`	`30`	`</synopsis>`
`23`	`31`	`</refsynopsisdiv>`
`24`	`32`
`@@ -27,8 +35,9 @@ GRANT { { SELECT \| INSERT \| UPDATE \| DELETE \| RULE \| REFERENCES \| TRIGGER } [,..`
`27`	`35`
`28`	`36`	`<para>`
`29`	`37`	`The <command>GRANT</command> command gives specific permissions on`
`30`		`- an object (table, view, sequence) to one or more users or groups of users.`
`31`		`- These permissions are added to those already granted, if any.`
	`38`	`+ an object (table, view, sequence, function, procedural language) to`
	`39`	`+ one or more users or groups of users. These permissions are added`
	`40`	`+ to those already granted, if any.`
`32`	`41`	`</para>`
`33`	`42`
`34`	`43`	`<para>`
`@@ -134,14 +143,36 @@ GRANT { { SELECT \| INSERT \| UPDATE \| DELETE \| RULE \| REFERENCES \| TRIGGER } [,..`
`134`	`143`	`</listitem>`
`135`	`144`	`</varlistentry>`
`136`	`145`
	`146`	`+ <varlistentry>`
	`147`	`+ <term>EXECUTE</term>`
	`148`	`+ <listitem>`
	`149`	`+ <para>`
	`150`	`+ Allows the use of the specified function and the use of any`
	`151`	`+ operators that are implemented on top of the function. This is`
	`152`	`+ the only type of privilege that is applicable to functions.`
	`153`	`+ </para>`
	`154`	`+ </listitem>`
	`155`	`+ </varlistentry>`
	`156`	`+`
	`157`	`+ <varlistentry>`
	`158`	`+ <term>USAGE</term>`
	`159`	`+ <listitem>`
	`160`	`+ <para>`
	`161`	`+ Allows the use of the specified procedural language for the`
	`162`	`+ creation of functions in that language. This is the only type`
	`163`	`+ of privilege that is applicable to procedural languages.`
	`164`	`+ </para>`
	`165`	`+ </listitem>`
	`166`	`+ </varlistentry>`
	`167`	`+`
`137`	`168`	`<varlistentry>`
`138`	`169`	`<term>ALL PRIVILEGES</term>`
`139`	`170`	`<listitem>`
`140`	`171`	`<para>`
`141`		`- Grant all of theaboveprivileges at once. The`
`142`		`- <literal>PRIVILEGES</literal> key word is optional in`
`143`		`- <productname>PostgreSQL</productname>, though it is`
`144`		`-required bystrict SQL.`
	`172`	`+ Grant all of the privilegesapplicable to the objectat once.`
	`173`	`+The<literal>PRIVILEGES</literal> key word is optional in`
	`174`	`+ <productname>PostgreSQL</productname>, though it is required by`
	`175`	`+ strict SQL.`
`145`	`176`	`</para>`
`146`	`177`	`</listitem>`
`147`	`178`	`</varlistentry>`

`‎doc/src/sgml/ref/revoke.sgml`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.19 2001/12/08 03:24:39 thomas Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.20 2002/02/18 23:11:03 petere Exp $`
`3`	`3`	`PostgreSQL documentation`
`4`	`4`	`-->`
`5`	`5`
`@@ -19,6 +19,14 @@ PostgreSQL documentation`
`19`	`19`	`REVOKE { { SELECT \| INSERT \| UPDATE \| DELETE \| RULE \| REFERENCES \| TRIGGER } [,...] \| ALL [ PRIVILEGES ] }`
`20`	`20`	`ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...]`
`21`	`21`	`FROM { <replaceable class="PARAMETER">username</replaceable> \| GROUP <replaceable class="PARAMETER">groupname</replaceable> \| PUBLIC } [, ...]`
	`22`	`+`
	`23`	`+REVOKE { EXECUTE \| ALL [ PRIVILEGES ] }`
	`24`	`+ ON FUNCTION <replaceable>funcname</replaceable> ([<replaceable>type</replaceable>, ...]) [, ...]`
	`25`	`+ FROM { <replaceable class="PARAMETER">username</replaceable> \| GROUP <replaceable class="PARAMETER">groupname</replaceable> \| PUBLIC } [, ...]`
	`26`	`+`
	`27`	`+REVOKE { USAGE \| ALL [ PRIVILEGES ] }`
	`28`	`+ ON LANGUAGE <replaceable>langname</replaceable> [, ...]`
	`29`	`+ FROM { <replaceable class="PARAMETER">username</replaceable> \| GROUP <replaceable class="PARAMETER">groupname</replaceable> \| PUBLIC } [, ...]`
`22`	`30`	`</synopsis>`
`23`	`31`	`</refsynopsisdiv>`
`24`	`32`

`‎doc/src/sgml/release.sgml`

Lines changed: 26 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,35 @@`
`1`	`1`	`<!--`
`2`		`-$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.115 2002/01/31 21:20:03 momjian Exp $`
	`2`	`+$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.116 2002/02/18 23:11:00 petere Exp $`
`3`	`3`	`-->`
`4`	`4`
`5`	`5`	`<appendix id="release">`
`6`	`6`	`<title>Release Notes</title>`
`7`	`7`
	`8`	`+ <sect1 id="release-devel">`
	`9`	`+ <title>&version; Development Branch</title>`
	`10`	`+`
	`11`	`+ <para>`
	`12`	`+ Below is a subset of the changes that have gone into the`
	`13`	`+ development branch of PostgreSQL since version 7.2. For a complete`
	`14`	`+ list of changes, consult the CVS logs.`
	`15`	`+ </para>`
	`16`	`+`
	`17`	`+<!--`
	`18`	`+Developers: When you add a feature, mention it here. This avoids`
	`19`	`+lossiness when digging out the information from the CVS logs, and`
	`20`	`+furthermore it advertises your feature to external parties at the`
	`21`	`+earliest possible moment.`
	`22`	`+`
	`23`	`+CDATA means the content is "SGML-free", so you can write without`
	`24`	`+worries about funny characters.`
	`25`	`+-->`
	`26`	`+<literallayout><![CDATA[`
	`27`	`+Access privileges on functions`
	`28`	`+Access privileges on procedural languages`
	`29`	`+]]></literallayout>`
	`30`	`+`
	`31`	`+ </sect1>`
	`32`	`+`
`8`	`33`	`<sect1 id="release-7-2">`
`9`	`34`	`<title>Release 7.2</title>`
`10`	`35`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8adf56f

File tree

35 files changed

35 files changed

`‎doc/src/sgml/catalogs.sgml`

`‎doc/src/sgml/ref/create_function.sgml`

`‎doc/src/sgml/ref/create_language.sgml`

`‎doc/src/sgml/ref/grant.sgml`

`‎doc/src/sgml/ref/revoke.sgml`

`‎doc/src/sgml/release.sgml`

0 commit comments