Re: New patch for Column-level privileges

KaiGai,

* KaiGai Kohei (kaigai(at)ak(dot)jp(dot)nec(dot)com) wrote:
> The attached patch put invocations of markColumnForSelectPriv()
> at transformJoinUsingClause() to mark those columns are used.

Thanks for the update!

Attached is a patch which:

- incorporates KaiGai's latest patches to deal with JOINs and
NATURAL JOINs

- adds regression tests following Tom's suggestion to check
whole-row vars in the face of column add/deletes

- adds regression tests for NATURAL JOIN and successful JOINs
with table sub-sets

- reworks pg_attribute_aclmask() to remove the looping component

- adds a new pg_attribute_aclcheck_all() to handle the ANY/ALL
needs of execMain and the looping

- removes special handling of system columns, they can still be
granted/revoked, but they won't be included in ANY/ALL tests and a
table-wide REVOKE won't affect them. After thinking about it for a
while, I felt this was the most sensible compromise between code
complexity, following the SQL spec, and user freedom.

- split out adding column revokes for table-level commands into a
add_col_revokes function to clean up ExecGrant_Relation a bit.

- when handling table-level revokes, skips over columns which do not
have an ACL defined, since it clearly has no effect except to force
creation of a default ACL that's just clutter.

Comments, testing, etc, most appreciated!

Thanks,

Stephen