NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commitbe90032

committed

Remove partial and undocumented GRANT .. FOREIGN TABLE support.

Instead, foreign tables are treated just like views: permissions canbe granted using GRANT privilege ON [TABLE] foreign_table_name TO role,and revoked similarly. GRANT/REVOKE .. FOREIGN TABLE is no longersupported, just as we don't support GRANT/REVOKE .. VIEW. The set ofaccepted permissions for foreign tables is now identical to the set forregular tables, and views.Per report from Thom Brown, and subsequent discussion.

1 parentaf0f200 commitbe90032Copy full SHA for be90032

File tree

6 files changed

-69

lines changed

doc/src/sgml/ref
- grant.sgml
src
- backend
  - catalog
    - aclchk.c
  - parser
    - gram.y
  - utils/adt
    - acl.c
- include
  - nodes
    - parsenodes.h
  - utils
    - acl.h

6 files changed

-69

lines changed

`‎doc/src/sgml/ref/grant.sgml`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -80,8 +80,8 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace`
`80`	`80`
`81`	`81`	`<para>`
`82`	`82`	`The <command>GRANT</command> command has two basic variants: one`
`83`		`- that grants privileges on a database object (table, column, view,sequence,`
`84`		`- database, foreign-data wrapper, foreign server, function,`
	`83`	`+ that grants privileges on a database object (table, column, view,foreign`
	`84`	`+table, sequence,database, foreign-data wrapper, foreign server, function,`
`85`	`85`	`procedural language, schema, or tablespace), and one that grants`
`86`	`86`	`membership in a role. These variants are similar in many ways, but`
`87`	`87`	`they are different enough to be described separately.`

`‎src/backend/catalog/aclchk.c`

Lines changed: 0 additions & 52 deletions

Original file line number	Diff line number	Diff line change
`@@ -274,9 +274,6 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,`
`274`	`274`	`caseACL_KIND_FOREIGN_SERVER:`
`275`	`275`	`whole_mask=ACL_ALL_RIGHTS_FOREIGN_SERVER;`
`276`	`276`	`break;`
`277`		`-caseACL_KIND_FOREIGN_TABLE:`
`278`		`-whole_mask=ACL_ALL_RIGHTS_FOREIGN_TABLE;`
`279`		`-break;`
`280`	`277`	`default:`
`281`	`278`	`elog(ERROR,"unrecognized object kind: %d",objkind);`
`282`	`279`	`/* not reached, but keep compiler quiet */`
`@@ -480,10 +477,6 @@ ExecuteGrantStmt(GrantStmt *stmt)`
`480`	`477`	`all_privileges=ACL_ALL_RIGHTS_FOREIGN_SERVER;`
`481`	`478`	`errormsg=gettext_noop("invalid privilege type %s for foreign server");`
`482`	`479`	`break;`
`483`		`-caseACL_OBJECT_FOREIGN_TABLE:`
`484`		`-all_privileges=ACL_ALL_RIGHTS_FOREIGN_TABLE;`
`485`		`-errormsg=gettext_noop("invalid privilege type %s for foreign table");`
`486`		`-break;`
`487`	`480`	`default:`
`488`	`481`	`elog(ERROR,"unrecognized GrantStmt.objtype: %d",`
`489`	`482`	`(int)stmt->objtype);`
`@@ -554,7 +547,6 @@ ExecGrantStmt_oids(InternalGrant *istmt)`
`554`	`547`	`{`
`555`	`548`	`caseACL_OBJECT_RELATION:`
`556`	`549`	`caseACL_OBJECT_SEQUENCE:`
`557`		`-caseACL_OBJECT_FOREIGN_TABLE:`
`558`	`550`	`ExecGrant_Relation(istmt);`
`559`	`551`	`break;`
`560`	`552`	`caseACL_OBJECT_DATABASE:`
`@@ -604,7 +596,6 @@ objectNamesToOids(GrantObjectType objtype, List *objnames)`
`604`	`596`	`{`
`605`	`597`	`caseACL_OBJECT_RELATION:`
`606`	`598`	`caseACL_OBJECT_SEQUENCE:`
`607`		`-caseACL_OBJECT_FOREIGN_TABLE:`
`608`	`599`	`foreach(cell,objnames)`
`609`	`600`	`{`
`610`	`601`	`RangeVarrelvar= (RangeVar)lfirst(cell);`
`@@ -1702,21 +1693,11 @@ ExecGrant_Relation(InternalGrant *istmt)`
`1702`	`1693`	`errmsg("\"%s\" is not a sequence",`
`1703`	`1694`	`NameStr(pg_class_tuple->relname))));`
`1704`	`1695`
`1705`		`-/* Used GRANT FOREIGN TABLE on a non-foreign-table? */`
`1706`		`-if (istmt->objtype==ACL_OBJECT_FOREIGN_TABLE&&`
`1707`		`-pg_class_tuple->relkind!=RELKIND_FOREIGN_TABLE)`
`1708`		`-ereport(ERROR,`
`1709`		`-(errcode(ERRCODE_WRONG_OBJECT_TYPE),`
`1710`		`-errmsg("\"%s\" is not a foreign table",`
`1711`		`-NameStr(pg_class_tuple->relname))));`
`1712`		`-`
`1713`	`1696`	`/* Adjust the default permissions based on object type */`
`1714`	`1697`	`if (istmt->all_privs&&istmt->privileges==ACL_NO_RIGHTS)`
`1715`	`1698`	`{`
`1716`	`1699`	`if (pg_class_tuple->relkind==RELKIND_SEQUENCE)`
`1717`	`1700`	`this_privileges=ACL_ALL_RIGHTS_SEQUENCE;`
`1718`		`-elseif (pg_class_tuple->relkind==RELKIND_FOREIGN_TABLE)`
`1719`		`-this_privileges=ACL_ALL_RIGHTS_FOREIGN_TABLE;`
`1720`	`1701`	`else`
`1721`	`1702`	`this_privileges=ACL_ALL_RIGHTS_RELATION;`
`1722`	`1703`	`}`
`@@ -1752,16 +1733,6 @@ ExecGrant_Relation(InternalGrant *istmt)`
`1752`	`1733`	`this_privileges &= (AclMode)ACL_ALL_RIGHTS_SEQUENCE;`
`1753`	`1734`	`}`
`1754`	`1735`	`}`
`1755`		`-elseif (pg_class_tuple->relkind==RELKIND_FOREIGN_TABLE)`
`1756`		`-{`
`1757`		`-if (this_privileges& ~((AclMode)ACL_ALL_RIGHTS_FOREIGN_TABLE))`
`1758`		`-{`
`1759`		`-ereport(ERROR,`
`1760`		`-(errcode(ERRCODE_INVALID_GRANT_OPERATION),`
`1761`		`-errmsg("foreign table \"%s\" only supports SELECT privileges",`
`1762`		`-NameStr(pg_class_tuple->relname))));`
`1763`		`-}`
`1764`		`-}`
`1765`	`1736`	`else`
`1766`	`1737`	`{`
`1767`	`1738`	`if (this_privileges& ~((AclMode)ACL_ALL_RIGHTS_RELATION))`
`@@ -1819,9 +1790,6 @@ ExecGrant_Relation(InternalGrant *istmt)`
`1819`	`1790`	`caseRELKIND_SEQUENCE:`
`1820`	`1791`	`old_acl=acldefault(ACL_OBJECT_SEQUENCE,ownerId);`
`1821`	`1792`	`break;`
`1822`		`-caseRELKIND_FOREIGN_TABLE:`
`1823`		`-old_acl=acldefault(ACL_OBJECT_FOREIGN_TABLE,ownerId);`
`1824`		`-break;`
`1825`	`1793`	`default:`
`1826`	`1794`	`old_acl=acldefault(ACL_OBJECT_RELATION,ownerId);`
`1827`	`1795`	`break;`
`@@ -1866,9 +1834,6 @@ ExecGrant_Relation(InternalGrant *istmt)`
`1866`	`1834`	`caseRELKIND_SEQUENCE:`
`1867`	`1835`	`aclkind=ACL_KIND_SEQUENCE;`
`1868`	`1836`	`break;`
`1869`		`-caseRELKIND_FOREIGN_TABLE:`
`1870`		`-aclkind=ACL_KIND_FOREIGN_TABLE;`
`1871`		`-break;`
`1872`	`1837`	`default:`
`1873`	`1838`	`aclkind=ACL_KIND_CLASS;`
`1874`	`1839`	`break;`
`@@ -1963,16 +1928,6 @@ ExecGrant_Relation(InternalGrant *istmt)`
`1963`	`1928`
`1964`	`1929`	`this_privileges &= (AclMode)ACL_SELECT;`
`1965`	`1930`	`}`
`1966`		`-elseif (pg_class_tuple->relkind==RELKIND_FOREIGN_TABLE&&`
`1967`		`-this_privileges& ~((AclMode)ACL_SELECT))`
`1968`		`-{`
`1969`		`-/* Foreign tables have the same restriction as sequences. */`
`1970`		`-ereport(WARNING,`
`1971`		`-(errcode(ERRCODE_INVALID_GRANT_OPERATION),`
`1972`		`-errmsg("foreign table \"%s\" only supports SELECT column privileges",`
`1973`		`-NameStr(pg_class_tuple->relname))));`
`1974`		`-this_privileges &= (AclMode)ACL_SELECT;`
`1975`		`-}`
`1976`	`1931`
`1977`	`1932`	`expand_col_privileges(col_privs->cols,relOid,`
`1978`	`1933`	`this_privileges,`
`@@ -3147,8 +3102,6 @@ static const char *const no_priv_msg[MAX_ACL_KIND] =`
`3147`	`3102`	`gettext_noop("permission denied for foreign-data wrapper %s"),`
`3148`	`3103`	`/* ACL_KIND_FOREIGN_SERVER */`
`3149`	`3104`	`gettext_noop("permission denied for foreign server %s"),`
`3150`		`-/* ACL_KIND_FOREIGN_TABLE */`
`3151`		`-gettext_noop("permission denied for foreign table %s"),`
`3152`	`3105`	`/* ACL_KIND_EXTENSION */`
`3153`	`3106`	`gettext_noop("permission denied for extension %s"),`
`3154`	`3107`	`};`
`@@ -3193,8 +3146,6 @@ static const char *const not_owner_msg[MAX_ACL_KIND] =`
`3193`	`3146`	`gettext_noop("must be owner of foreign-data wrapper %s"),`
`3194`	`3147`	`/* ACL_KIND_FOREIGN_SERVER */`
`3195`	`3148`	`gettext_noop("must be owner of foreign server %s"),`
`3196`		`-/* ACL_KIND_FOREIGN_TABLE */`
`3197`		`-gettext_noop("must be owner of foreign table %s"),`
`3198`	`3149`	`/* ACL_KIND_EXTENSION */`
`3199`	`3150`	`gettext_noop("must be owner of extension %s"),`
`3200`	`3151`	`};`
`@@ -3491,9 +3442,6 @@ pg_class_aclmask(Oid table_oid, Oid roleid,`
`3491`	`3442`	`caseRELKIND_SEQUENCE:`
`3492`	`3443`	`acl=acldefault(ACL_OBJECT_SEQUENCE,ownerId);`
`3493`	`3444`	`break;`
`3494`		`-caseRELKIND_FOREIGN_TABLE:`
`3495`		`-acl=acldefault(ACL_OBJECT_FOREIGN_TABLE,ownerId);`
`3496`		`-break;`
`3497`	`3445`	`default:`
`3498`	`3446`	`acl=acldefault(ACL_OBJECT_RELATION,ownerId);`
`3499`	`3447`	`break;`

`‎src/backend/parser/gram.y`

Lines changed: 0 additions & 8 deletions

Original file line number	Diff line number	Diff line change
`@@ -5408,14 +5408,6 @@ privilege_target:`
`5408`	`5408`	`n->objs =$3;`
`5409`	`5409`	`$$ = n;`
`5410`	`5410`	`}`
`5411`		`-\|FOREIGNTABLEqualified_name_list`
`5412`		`-{`
`5413`		`-PrivTarget n = (PrivTarget ) palloc(sizeof(PrivTarget));`
`5414`		`-n->targtype = ACL_TARGET_OBJECT;`
`5415`		`-n->objtype = ACL_OBJECT_FOREIGN_TABLE;`
`5416`		`-n->objs =$3;`
`5417`		`-$$ = n;`
`5418`		`-}`
`5419`	`5411`	`\|FUNCTIONfunction_with_argtypes_list`
`5420`	`5412`	`{`
`5421`	`5413`	`PrivTarget n = (PrivTarget ) palloc(sizeof(PrivTarget));`

`‎src/backend/utils/adt/acl.c`

Lines changed: 0 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -782,10 +782,6 @@ acldefault(GrantObjectType objtype, Oid ownerId)`
`782`	`782`	`world_default=ACL_NO_RIGHTS;`
`783`	`783`	`owner_default=ACL_ALL_RIGHTS_FOREIGN_SERVER;`
`784`	`784`	`break;`
`785`		`-caseACL_OBJECT_FOREIGN_TABLE:`
`786`		`-world_default=ACL_NO_RIGHTS;`
`787`		`-owner_default=ACL_ALL_RIGHTS_FOREIGN_TABLE;`
`788`		`-break;`
`789`	`785`	`default:`
`790`	`786`	`elog(ERROR,"unrecognized objtype: %d", (int)objtype);`
`791`	`787`	`world_default=ACL_NO_RIGHTS;/* keep compiler quiet */`

`‎src/include/nodes/parsenodes.h`

Lines changed: 0 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1282,7 +1282,6 @@ typedef enum GrantObjectType`
`1282`	`1282`	`ACL_OBJECT_DATABASE,/* database */`
`1283`	`1283`	`ACL_OBJECT_FDW,/* foreign-data wrapper */`
`1284`	`1284`	`ACL_OBJECT_FOREIGN_SERVER,/* foreign server */`
`1285`		`-ACL_OBJECT_FOREIGN_TABLE,/* foreign table */`
`1286`	`1285`	`ACL_OBJECT_FUNCTION,/* function */`
`1287`	`1286`	`ACL_OBJECT_LANGUAGE,/* procedural language */`
`1288`	`1287`	`ACL_OBJECT_LARGEOBJECT,/* largeobject */`

`‎src/include/utils/acl.h`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -150,7 +150,6 @@ typedef ArrayType Acl;`
`150`	`150`	`#defineACL_ALL_RIGHTS_DATABASE(ACL_CREATE\|ACL_CREATE_TEMP\|ACL_CONNECT)`
`151`	`151`	`#defineACL_ALL_RIGHTS_FDW(ACL_USAGE)`
`152`	`152`	`#defineACL_ALL_RIGHTS_FOREIGN_SERVER (ACL_USAGE)`
`153`		`-#defineACL_ALL_RIGHTS_FOREIGN_TABLE (ACL_SELECT)`
`154`	`153`	`#defineACL_ALL_RIGHTS_FUNCTION(ACL_EXECUTE)`
`155`	`154`	`#defineACL_ALL_RIGHTS_LANGUAGE(ACL_USAGE)`
`156`	`155`	`#defineACL_ALL_RIGHTS_LARGEOBJECT(ACL_SELECT\|ACL_UPDATE)`
`@@ -195,7 +194,6 @@ typedef enum AclObjectKind`
`195`	`194`	`ACL_KIND_TSCONFIGURATION,/* pg_ts_config */`
`196`	`195`	`ACL_KIND_FDW,/* pg_foreign_data_wrapper */`
`197`	`196`	`ACL_KIND_FOREIGN_SERVER,/* pg_foreign_server */`
`198`		`-ACL_KIND_FOREIGN_TABLE,/* pg_foreign_table */`
`199`	`197`	`ACL_KIND_EXTENSION,/* pg_extension */`
`200`	`198`	`MAX_ACL_KIND/* MUST BE LAST */`
`201`	`199`	`}AclObjectKind;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbe90032

File tree

6 files changed

6 files changed

`‎doc/src/sgml/ref/grant.sgml`

`‎src/backend/catalog/aclchk.c`

`‎src/backend/parser/gram.y`

`‎src/backend/utils/adt/acl.c`

`‎src/include/nodes/parsenodes.h`

`‎src/include/utils/acl.h`

0 commit comments