Re: ExecutorCheckPerms() hook

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: ExecutorCheckPerms() hook
Date: 2010-07-22 01:04:41
Message-ID: 20100722010441.GI21875@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* KaiGai Kohei (kaigai(at)ak(dot)jp(dot)nec(dot)com) wrote:
> We can find out a similar case in CreateTrigger().
> If I was granted TRIGGER privilege on a certain table, I can create a new
> trigger on the table without its ownership. More commonly, it allows us
> to modify a certain property of the table without its ownership.

TRIGGER is hardly the same as REFERENCES. If we invented a new priv, it
would be more like 'FK_CREATE'.

> Perhaps, if SQL permission would be more fine-grained, for example,
> "RENAME" permission might control RENAME TO statement, rather than
> its ownership.

This wouldn't actually be any more fine-grained, it'd just be adding
rights on to an existing priv, which I think is a wholly *bad* idea.

> What is the reason why we check its ownership here, although we already
> have REFERENCES permission to control ADD FOREIGN KEY?

REFERENCES is needed on the REFERENCED table, ownership is needed on the
REFERENCING table. They're not the same..

We only allow owners of objects to change the structure of those
objects. Adding a FK to another table doesn't really change the
structure of the referenced table. Adding a FK does though, imv.

Thanks,

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2010-07-22 01:08:23 Re: ExecutorCheckPerms() hook
Previous Message Stephen Frost 2010-07-22 01:02:15 Re: ExecutorCheckPerms() hook