On 2011-12-01 22:14, Peter Eisentraut wrote:
On tor, 2011-12-01 at 14:37 +0100, Yeb Havinga wrote:
On 2011-11-29 18:47, Peter Eisentraut wrote:
On tis, 2011-11-29 at 07:07 +0200, Peter Eisentraut wrote:
On mån, 2011-11-28 at 11:41 +0100, Yeb Havinga wrote:
On 2011-11-15 21:50, Peter Eisentraut wrote:
Patch attached.
I cannot get the patch to apply, this is the output of patch -p1
--dry-run on HEAD.
I need to remerge it against concurrent range type activity.
New patch attached.
I'm looking at your patch. One thing that puzzled me for a while was
that I could not restrict access to base types (either built-in or user
defined). Is this intentional?
Works for me:
=# create user foo;
=# revoke usage on type int8 from public;
=# \c - foo
=> create table test1 (a int4, b int8);
ERROR: permission denied for type bigint
Hmm even though I have 'revoke all on type int2 from public' in my psql
history, I cannot repeat what I think was happening yesterday. Probably
I was still superuser in the window I was testing with, but will never
no until time travel is invented. Or maybe I tested with a cast.
Using a cast, it is possible to create a table with a code path through
OpenIntoRel:
session 1:
t=# revoke all on type int2 from public;
session2 :
t=> create table t2 (a int2);
ERROR: permission denied for type smallint
t=> create table t as (select 1::int2 as a);
SELECT 1
t=> \d t
Table "public.t"
Column | Type | Modifiers
--------+----------+-----------
a | smallint |
t=>
Something different: as non superuser I get this error when restricting
a type I don't own:
t=> revoke all on type int2 from public;
ERROR: unrecognized objkind: 6
My current time is limited but I will be able to look more at the patch
in a few more days.
regards,
Yeb Havinga
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
