| From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: MERGE ... DO NOTHING: require SELECT privileges |
| Date: | 2024-02-21 16:21:25 |
| Message-ID: | E1rcpLX-000BJs-Sy@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
MERGE ... DO NOTHING: require SELECT privileges
Verify that a user running MERGE with a DO NOTHING clause has
privileges to read the table, even if no columns are referenced. Such
privileges were already required if the ON clause or any of the WHEN
conditions referenced any column at all, so there's no functional change
in practice.
This change fixes an assertion failure in the case where no column is
referenced by the command and the WHEN clauses are all DO NOTHING.
Backpatch to 15, where MERGE was introduced.
Reported-by: Alena Rybakina <a(dot)rybakina(at)postgrespro(dot)ru>
Reported-by: Alexander Lakhin <exclusion(at)gmail(dot)com>
Discussion: https://postgr.es/m/4d65a385-7efa-4436-a825-0869f89d9d92@postgrespro.ru
Branch
------
REL_15_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/90ad85db6a4e06c517c72de84e725c0222e0c529
Modified Files
--------------
src/backend/parser/parse_merge.c | 7 ++++++-
src/test/regress/expected/merge.out | 10 ++++++++++
src/test/regress/sql/merge.sql | 11 +++++++++++
3 files changed, 27 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2024-02-21 23:23:30 | pgsql: Remove superfluous 'pgprocno' field from PGPROC |
| Previous Message | Daniel Gustafsson | 2024-02-21 08:22:48 | pgsql: doc: Fix link to pg_ident_file_mappings view |