Re: alter user/role CURRENT_USER

From: Rushabh Lathia <rushabh(dot)lathia(at)gmail(dot)com>
To: Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>
Cc: adam(dot)brightwell(at)crunchydatasolutions(dot)com, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: alter user/role CURRENT_USER
Date: 2014-10-27 05:46:12
Message-ID: CAGPqQf2COCK-2n2VA8aHqyEOTebqqFUVuEHFriVowpsaxGZ=FA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Thanks Kyotaro,

I just did quickly looked at the patch and it does cover more syntax then
earlier patch. But still if doesn't not cover the all the part of syntax
where
we can use CURRENT_USER/CURRENT_ROLE/USER/SESSION_USER. For example:

-- Not working
alter default privileges for role current_user grant SELECT ON TABLES TO
current_user ;

-- Not working
grant user1 TO current_user;

Their might few more syntax like this.

I understand that patch is sightly getting bigger and complex then what it
was
originally proposed. Before going back to more review on latest patch I
would
like to understand the requirement of this new feature. Also would like
others
to comment on where/how we should restrict this feature ?

On Fri, Oct 24, 2014 at 1:59 PM, Kyotaro HORIGUCHI <
horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp> wrote:

> Hi, here is the revised patch.
>
> Attached files are the followings
>
> - 0001-ALTER-ROLE-CURRENT_USER_v2.patch - the patch.
>
> - testset.tar.bz2 - test set. Run by typing 'make check' as a
> superuser of the running postgreSQL server. It creates "testdb"
> and some roles.
>
> Documents are not edited this time.
>
> ----
>
> Considering your comments, I found more points to modify.
>
> - CREATE SCHEMA (IF NOT EXISTS) .. AUTHORIZATION <role> ...
>
> - ALTER AGGREAGE/COLLATION/etc... OWNER TO <role>
>
> - CREATE/ALTER/DROP USER MAPPING FOR <role> SERVER ..
>
> GRANT/REVOKE also takes role as an arguemnt but CURRENT_USER and
> the similar keywords seem to be useless for them.
>
> Finally, the new patch modifies the following points.
>
> In gram.y,
>
> - RoleId's are replaced with RoleId_or_curruser in more places.
> It accepts CURRENT_USER/USER/CURRENT_ROLE/SESSION_USER.
>
> - ALTER USER ALL syntax is added. (not changed from the previous patch)
>
> - The non-terminal auth_ident now uses RoleId_or_curruser
> instead of RoleId. This affects CREATE/ALTER/DROP USER MAPPING
>
> In user.c, new function ResolveRoleId() is added and used for all
> role ID resolutions that correspond to the syntax changes in
> parser. It is AlterRole() in user.c.
>
> In foreigncmds.c, GetUserOidFromMapping() is removed and
> ResolveRoleId is used instead.
>
> In alter.c and tablecmds.c, all calls to get_role_oid()
> correspond the the grammer change were replaced with
> ResolveRoleId().
>
> The modifications are a bit complicated so I provided a
> comprehensive test set.
>
>
> regards,
>
> --
> Kyotaro Horiguchi
> NTT Open Source Software Center
>

--
Rushabh Lathia

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Rushabh Lathia 2014-10-27 06:15:40 Re: CINE in CREATE TABLE AS ... and CREATE MATERIALIZED VIEW ...
Previous Message Jim Nasby 2014-10-27 04:12:10 Re: [HACKERS] ltree::text not immutable?