diff options
| author | Bruce Momjian <bruce@momjian.us> | 2000-06-09 15:51:02 +0000 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2000-06-09 15:51:02 +0000 |
| commit | 85add42a570cdb4be2d674e62535eb54b4dcd5cf (patch) | |
| tree | dbf157f4e38ff97df572bda2244d7280338bf541 /src/backend/tcop | |
| parent | a672e9650abcc9a08df06dd075a884543f3d87f3 (diff) | |
| download | postgresql-85add42a570cdb4be2d674e62535eb54b4dcd5cf.tar.gz | |
I have large database and with this DB work more users and I very need
more restriction for fretful users. The current PG allow define only
NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need
NO-CREATE-TABLE and NO-LOCK-TABLE.
This patch add to current code NOCREATETABLE and NOLOCKTABLE feature:
CREATE USER username
[ WITH
[ SYSID uid ]
[ PASSWORD 'password' ] ]
[ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
-> [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ]
...etc.
If CREATETABLE or LOCKTABLE is not specific in CREATE USER command,
as default is set CREATETABLE or LOCKTABLE (true).
A user with NOCREATETABLE restriction can't call CREATE TABLE or
SELECT INTO commands, only create temp table is allow for him.
Karel
Diffstat (limited to 'src/backend/tcop')
| -rw-r--r-- | src/backend/tcop/pquery.c | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/src/backend/tcop/pquery.c b/src/backend/tcop/pquery.c index aa2b8e2c06..8fec7766a4 100644 --- a/src/backend/tcop/pquery.c +++ b/src/backend/tcop/pquery.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.32 2000/06/04 22:08:53 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.33 2000/06/09 15:50:46 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -20,6 +20,9 @@ #include "executor/executor.h" #include "tcop/pquery.h" #include "utils/ps_status.h" +#include "catalog/pg_shadow.h" +#include "miscadmin.h" +#include "utils/syscache.h" static char *CreateOperationTag(int operationType); static void ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset, @@ -250,6 +253,23 @@ ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset, Node *limcount) else if (parseTree->into != NULL) { /* select into table */ + + if (!parseTree->isTemp) { + HeapTuple tup; + + /* ---------- + * Check pg_shadow for global createTable setting + * ---------- + */ + tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0); + + if (!HeapTupleIsValid(tup)) + elog(ERROR, "ProcessQueryDesc: look at pg_shadow failed"); + + if (!((Form_pg_shadow) GETSTRUCT(tup))->usecreatetable) + elog(ERROR, "SELECT INTO TABLE: permission denied"); + } + isRetrieveIntoRelation = true; } |