| From: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
|---|---|
| To: | PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [sepgsql 2/3] Add db_schema:search permission checks |
| Date: | 2013-01-15 20:28:23 |
| Message-ID: | CADyhKSXatv4JHCVaPawXO7UXWRr-W-sn5r2a_GgLJDvt8j2jDA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
This patch adds sepgsql support for permission checks equivalent
to the existing SCHEMA USE privilege.
This feature is constructed on new OAT_SCHEMA_SEARCH event
type being invoked around pg_namespace_aclcheck().
So, its expected behavior also follows the behavior of existing
permissions; unprivileged schema is ignored from the search path,
or raise an error if object name is fully qualified.
This patch needs src/backend/catalog/objectaccess.c is existing,
so please apply this patch on top of this feature.
https://commitfest.postgresql.org/action/patch_view?id=1003
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
| Attachment | Content-Type | Size |
|---|---|---|
| sepgsql-v9.3-schema-search-permission.v1.patch | application/octet-stream | 45.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Browne | 2013-01-15 20:37:07 | Re: [PATCH] COPY .. COMPRESSED |
| Previous Message | Sergey Koposov | 2013-01-15 20:26:49 | Re: Curious buildfarm failures (fwd) |