| From: | Peter Geoghegan <pg(at)bowt(dot)ie> |
|---|---|
| To: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
| Cc: | Craig Ringer <craig(at)2ndquadrant(dot)com>, Kevin Grittner <kgrittn(at)gmail(dot)com>, Marko Tiikkaja <marko(at)joh(dot)to>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PG10 transition tables, wCTEs and multiple operations on the same table |
| Date: | 2017-06-07 00:19:28 |
| Message-ID: | CAH2-WzkGw6YGPTvQeJRRaeNh=LEQxeqAWsX4vdynca8bc+oquQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Jun 6, 2017 at 5:01 PM, Peter Geoghegan <pg(at)bowt(dot)ie> wrote:
> Also, ISTM that the code within ENRMetadataGetTupDesc() probably
> requires more explanation, resource management wise.
Also, it's not clear why it should be okay that the new type of
ephemeral RTEs introduced don't have permissions checks. There are
currently cases where the user cannot see data that they inserted
themselves (e.g., through RETURNING), on the theory that a before row
trigger might have modified the final contents of the tuple in a way
that the original inserter isn't supposed to know details about.
As the INSERT docs say, "Use of the RETURNING clause requires SELECT
privilege on all columns mentioned in RETURNING". Similarly, the
excluded.* pseudo-relation requires select privilege (on the
corresponding target relation columns) in order to be usable by ON
CONFLICT DO UPDATE.
--
Peter Geoghegan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2017-06-07 00:20:56 | Coverage improvements of src/bin/pg_basebackup and pg_receivewal --endpos |
| Previous Message | Kevin Grittner | 2017-06-07 00:04:25 | Re: GSoC 2017 : Proposal for predicate locking in gist index |