Re: SQL/MED - file_fdw

From: Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Shigeru HANADA <hanada(at)metrosystems(dot)co(dot)jp>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: SQL/MED - file_fdw
Date: 2010-12-17 02:00:00
Message-ID: AANLkTinh2i7kcPa+WbTjDGWneFdR+Q=m4yszt6CCzUy8@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Thu, Dec 16, 2010 at 23:09, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> I believe that our project policy is that permissions checks must be
> done at execution time, not parse/plan time.

Oops, yes. I should have said "permission checks for foreign tables
should have done in their own execution". So, additional checks in
each FDW are not required eventually.

In addition, we allow users to read the definition of the columns and
default values even if they don't have SELECT permission. So, I still
think permission checks for the template relation are not required in
the file reader API. But we need the checks in COPY FROM command because
the relation is used not only as a template but also as a target.

=> SELECT * FROM tbl;
ERROR: permission denied for relation tbl
=> \d+ tbl
Table "public.tbl"
Column | Type | Modifiers | Storage | Description
--------+---------+-----------+---------+-------------
i | integer | | plain |
j | integer | default 5 | plain |
Has OIDs: no

--
Itagaki Takahiro

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Hitoshi Harada 2010-12-17 02:31:51 Re: range intervals in window function frames
Previous Message bricklen 2010-12-17 00:19:48 Re: ALTER TABLE ... REPLACE WITH