Xiang Sheng created HAWQ-1329: --------------------------------- Summary: pg_catalog view fallback failed Key: HAWQ-1329 URL: https://issues.apache.org/jira/browse/HAWQ-1329 Project: Apache HAWQ Issue Type: Sub-task Components: Security Reporter: Xiang Sheng Assignee: Ed Espino Fix For: 2.2.0.0-incubating
in current code {code} if (objkind == ACL_KIND_CLASS) { char relstorage = get_rel_relstorage(obj_oid); if (relstorage == 'h') { return true; } } {code} This just fallback pg_catalog.tables, does not fallback pg_catalog.views. Because the relstorage of pg_catalog.view is 'v', not 'h'. So we should fix it to fallback the privileges request use the following condition. {code} if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == information_schema_namespcace_oid || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE || namespaceid == PG_BITMAPINDEX_NAMESPACE) {code} reproduce: 1. psql -d postgres 2. set log_min_messages='DEBUG3'; 3. SELECT setting FROM pg_settings WHERE name='client_min_messages'; Can see the json request: {code} 2017-02-13 16:43:37.908980 CST,"xsheng","postgres",p21556,th2021810176,"[local]",,2017-02-13 15:07:36 CST,25538,con13,cmd92,seg-10000,,,x25538,sx1,"DEBUG3","00000","send json request to ranger : { ""requestId"": ""40"", ""user" ": ""xsheng"", ""clientIp"": ""127.0.0.1"", ""context"": ""SELECT setting FROM pg_settings WHERE name='client_min_messages'\n;"", ""access"": [ { ""resource"": { ""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table"" : ""pg_settings"" }, ""privileges"": [ ""select"" ] }, { ""resource"": { ""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table"": ""pg_settings_gpsql"" }, ""privileges"": [ ""select"" ] } ] }",,,,,,"SELECT setting FRO M pg_settings WHERE name='client_min_messages';",0,,"rangerrest.c",454, {code} -- This message was sent by Atlassian JIRA (v6.3.15#6346)