On 2011-12-12 20:53, Peter Eisentraut wrote:
On Sun, 2011-12-11 at 21:21 +0200, Peter Eisentraut wrote:
* Cannot restrict access to array types. After revoking usage from the
element type, the error is perhaps a bit misleading. (smallint[] vs
smallint)

postgres=>  create table a (a int2[]);
ERROR:  permission denied for type smallint[]
OK, that error message should be improved.
Fixing this is easy, but I'd like to look into refactoring this a bit.
Let's ignore that for now; it's easy to do later.

My experience with ignoring things for now is not positive.

* The information schema view 'attributes' has this additional condition:
            AND (pg_has_role(t.typowner, 'USAGE')
                 OR has_type_privilege(t.oid, 'USAGE'));

What happens is that attributes in a composite type are shown, or not,
if the current user has USAGE rights. The strange thing here is that
the attribute in the type being shown or not, doesn't match being able to
use it (in the creation of e.g. a table).
Yeah, that's a bug.  That should be something like

AND (pg_has_role(c.relowner, 'USAGE')
      OR has_type_privilege(c.reltype, 'USAGE'));
And fix for that included.

Confirmed that this now works as expected.

I have no remarks on the other parts of the patch code.

After puzzling a bit more with the udt and usage privileges views, it is clear that they should complement each other. That might be reflected by adding to the 'usage_privileges' section a link back to the 'udt_privileges' section.

I have no further comments on this patch.

regards,
Yeb Havinga
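
A way to check by hand that the 'attributes' view agrees with the type's USAGE privilege, as discussed above. This is an added example, not part of the patch or of the original message. The schema `demo`, role `app_reader`, type `address_t` and table `deliveries` are constructed names, and the script assumes a superuser session on a server that supports `GRANT ... ON TYPE`.

```sql
-- Constructed objects for the check; nothing here comes from the patch itself.
CREATE ROLE app_reader;
CREATE SCHEMA demo;
GRANT USAGE, CREATE ON SCHEMA demo TO app_reader;
CREATE TYPE demo.address_t AS (street text, zip smallint);

-- USAGE on a type is granted to PUBLIC by default, so remove that grant first.
REVOKE USAGE ON TYPE demo.address_t FROM PUBLIC;

-- Phase 1: role without USAGE on the composite type.
SET ROLE app_reader;

-- (a) The privilege check the corrected view condition relies on.
SELECT has_type_privilege('demo.address_t', 'USAGE') AS can_use_type;

-- (b) What the information schema shows this role for the same type.
SELECT attribute_name, data_type
  FROM information_schema.attributes
 WHERE udt_schema = 'demo' AND udt_name = 'address_t'
 ORDER BY ordinal_position;

-- (c) Actually using the type in a table definition.
CREATE TABLE demo.deliveries (dest demo.address_t);

RESET ROLE;

-- Phase 2: grant USAGE and repeat the same three checks.
GRANT USAGE ON TYPE demo.address_t TO app_reader;
SET ROLE app_reader;

SELECT has_type_privilege('demo.address_t', 'USAGE') AS can_use_type;

SELECT attribute_name, data_type
  FROM information_schema.attributes
 WHERE udt_schema = 'demo' AND udt_name = 'address_t'
 ORDER BY ordinal_position;

CREATE TABLE demo.deliveries (dest demo.address_t);

RESET ROLE;

-- Cleanup of the constructed objects.
DROP SCHEMA demo CASCADE;
DROP ROLE app_reader;
```

In each phase, results (a), (b) and (c) should tell the same story: the attributes are listed only when the role can also use the type in a table definition.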



--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers