Re: pgsql: Add pg_get_acl() to get the ACL for a database object

On Thu, Jul 4, 2024, at 17:44, Tom Lane wrote:
> Michael Paquier <michael(at)paquier(dot)xyz> writes:
>> Add pg_get_acl() to get the ACL for a database object
>> This function returns the ACL for a database object, specified by
>> catalog OID and object OID.
>
> Uh, why is it defined like that rather than allowing a subobject?
> This definition is unable to fetch column-specific ACLs.

Good point, that's surely an important missing feature,
that I hadn't thought about up until now.
Probably because all object classes, except columns, don't have subobjects.

I wonder if it would be motivated to provide overloads for this function,
and perhaps even for pg_get_object_address and pg_identify_object_as_address?

That is, two param versions (class OID and object OID),
and three param versions that in addition also take subobject ID.

Why I think this could be motivated, is since during discussion,
some even wanted reg* overloads, to avoid having to pass the class OID.

As a middle ground, maybe users would appreciate if they at least
didn't have pass in the extra 0, since it's meaningless anyway,
most of the times (for all classes except columns)?

Anyway, that's just an idea. We still need support for subobject,
so I had a look on how to implement it.

Unfortunately, the AlterObjectOwner_internal function in alter.c,
which pg_get_acl in objectaddress.c is based upon,
doesn't deal with subobjects.

I found some code in aclchk.c on line 4452-4468 that seems useful,
but not sure. Maybe there is some other existing code that is better
as an inspiration?

I guess we need to handle the RelationRelationId separately,
and handle all other classes using the current code in pg_get_acl()?

Regards,
Joel