On Mon, Sep 28, 2020 at 7:48 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > > Bharath Rupireddy <bharath.rupireddyforpostg...@gmail.com> writes: > > In case of CTAS with no data, we actually do not insert the tuples > > into the created table, so we can skip checking for the insert > > permissions. Anyways, the insert permissions will be checked when the > > tuples are inserted into the table. > > I'd argue this is wrong. You don't get to skip permissions checks > in ordinary queries just because, say, there's a LIMIT 0 on the > query. >
Right, when there's a select with limit 0 clause, we do check for the select permissions. But my point is, we don't check insert permissions(or select or update etc.) when we create a plain table using CREATE TABLE test_tbl(a1 INT). Of course, we do check create permissions. Going by the similar point, shouldn't we also check only create permission(which is already being done as part of DefineRelation) and skip the insert permission(the change this patch does) for the new table being created as part of CREATE TABLE test_tbl AS SELECT * FROM test_tbl2? However select permission will be checked for test_tbl2. The insert permissions will be checked anyways before inserting rows into the table created in CTAS. With Regards, Bharath Rupireddy. EnterpriseDB: http://www.enterprisedb.com
