diff options
| author | Peter Eisentraut <peter_e@gmx.net> | 2009-10-23 05:24:52 +0000 |
|---|---|---|
| committer | Peter Eisentraut <peter_e@gmx.net> | 2009-10-23 05:24:52 +0000 |
| commit | 76d8883c8e3647ac2f7ff3c48226a25b1fd7888b (patch) | |
| tree | 9f3199b99a0558a25d8ee04d7f8207ef6ecaced4 /src | |
| parent | ab61df9e527dcedbd3bbefbcb8b634b0b72f2ad5 (diff) | |
| download | postgresql-76d8883c8e3647ac2f7ff3c48226a25b1fd7888b.tar.gz | |
When querying a table with child tables, do not check permissions on the
child tables. This was found to be useless and confusing in virtually all
cases, and also contrary to the SQL standard.
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/optimizer/prep/prepunion.c | 3 | ||||
| -rw-r--r-- | src/test/regress/expected/privileges.out | 21 | ||||
| -rw-r--r-- | src/test/regress/sql/privileges.sql | 7 |
3 files changed, 22 insertions, 9 deletions
diff --git a/src/backend/optimizer/prep/prepunion.c b/src/backend/optimizer/prep/prepunion.c index 2f43e32738..e4fe0db547 100644 --- a/src/backend/optimizer/prep/prepunion.c +++ b/src/backend/optimizer/prep/prepunion.c @@ -22,7 +22,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/optimizer/prep/prepunion.c,v 1.176 2009/10/12 18:10:48 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/optimizer/prep/prepunion.c,v 1.177 2009/10/23 05:24:52 petere Exp $ * *------------------------------------------------------------------------- */ @@ -1244,6 +1244,7 @@ expand_inherited_rtentry(PlannerInfo *root, RangeTblEntry *rte, Index rti) childrte = copyObject(rte); childrte->relid = childOID; childrte->inh = false; + childrte->requiredPerms = 0; /* do not require permissions on child tables */ parse->rtable = lappend(parse->rtable, childrte); childRTindex = list_length(parse->rtable); diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out index 16b5581316..4decb2b07a 100644 --- a/src/test/regress/expected/privileges.out +++ b/src/test/regress/expected/privileges.out @@ -406,11 +406,22 @@ SELECT fx FROM atestp2; -- ok ---- (0 rows) -SELECT fy FROM atestp2; -- fail, no privilege on atestc.fy -ERROR: permission denied for relation atestc -SELECT atestp2 FROM atestp2; -- fail, no privilege on atestc.fy -ERROR: permission denied for relation atestc -SELECT oid FROM atestp2; -- fail, no privilege on atestc.oid +SELECT fy FROM atestp2; -- ok + fy +---- +(0 rows) + +SELECT atestp2 FROM atestp2; -- ok + atestp2 +--------- +(0 rows) + +SELECT oid FROM atestp2; -- ok + oid +----- +(0 rows) + +SELECT fy FROM atestc; -- fail ERROR: permission denied for relation atestc SET SESSION AUTHORIZATION regressuser1; GRANT SELECT(fy,oid) ON atestc TO regressuser2; diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql index 943fe364b7..d4f728205f 100644 --- a/src/test/regress/sql/privileges.sql +++ b/src/test/regress/sql/privileges.sql @@ -277,9 +277,10 @@ GRANT SELECT(fx) ON atestc TO regressuser2; SET SESSION AUTHORIZATION regressuser2; SELECT fx FROM atestp2; -- ok -SELECT fy FROM atestp2; -- fail, no privilege on atestc.fy -SELECT atestp2 FROM atestp2; -- fail, no privilege on atestc.fy -SELECT oid FROM atestp2; -- fail, no privilege on atestc.oid +SELECT fy FROM atestp2; -- ok +SELECT atestp2 FROM atestp2; -- ok +SELECT oid FROM atestp2; -- ok +SELECT fy FROM atestc; -- fail SET SESSION AUTHORIZATION regressuser1; GRANT SELECT(fy,oid) ON atestc TO regressuser2; |