* otherwise there'd still be a security hole.
*/
if (strcmp(def->defname, "filename") == 0 &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("only superuser or a member of the pg_read_server_files role may specify the filename option of a file_fdw foreign table")));
+ errmsg("only superuser or a role with privileges of the pg_read_server_files role may specify the filename option of a file_fdw foreign table")));
if (strcmp(def->defname, "program") == 0 &&
- !is_member_of_role(GetUserId(), ROLE_PG_EXECUTE_SERVER_PROGRAM))
+ !has_privs_of_role(GetUserId(), ROLE_PG_EXECUTE_SERVER_PROGRAM))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("only superuser or a member of the pg_execute_server_program role may specify the program option of a file_fdw foreign table")));
+ errmsg("only superuser or a role with privileges of the pg_execute_server_program role may specify the program option of a file_fdw foreign table")));
filename = defGetString(def);
}
By default, the pg_backend_memory_contexts view can be
- read only by superusers or members of the pg_read_all_stats
- role.
+ read only by superusers or roles with the privileges of the
+ pg_read_all_stats role.
Configuration file the current value was set in (null for
values set from sources other than configuration files, or when
- examined by a user who is neither a superuser or a member of
+ examined by a user who neither is a superuser nor has privileges of
pg_read_all_settings); helpful when using
include directives in configuration files
Line number within the configuration file the current value was
set at (null for values set from sources other than configuration files,
- or when examined by a user who is neither a superuser or a member of
+ or when examined by a user who neither is a superuser nor has privileges of
pg_read_all_settings).
By default, the pg_shmem_allocations view can be
- read only by superusers or members of the pg_read_all_stats
- role.
+ read only by superusers or roles with privileges of the
+ pg_read_all_stats role.
Cancels the current query of the session whose backend process has the
specified process ID. This is also allowed if the
calling role is a member of the role whose backend is being canceled or
- the calling role has been granted pg_signal_backend,
+ the calling role has privileges of pg_signal_backend,
however only superusers can cancel superuser backends.
Terminates the session whose backend process has the
specified process ID. This is also allowed if the calling role
is a member of the role whose backend is being terminated or the
- calling role has been granted pg_signal_backend,
+ calling role has privileges of pg_signal_backend,
however only superusers can terminate superuser backends.
Computes the total disk space used by the database with the specified
name or OID. To use this function, you must
have CONNECT privilege on the specified database
- (which is granted by default) or be a member of
+ (which is granted by default) or have privileges of
the pg_read_all_stats role.
Computes the total disk space used in the tablespace with the
specified name or OID. To use this function, you must
have CREATE privilege on the specified tablespace
- or be a member of the pg_read_all_stats role,
+ or have privileges of the pg_read_all_stats role,
unless it is the default tablespace for the current database.
a dot, directories, and other special files are excluded.
- This function is restricted to superusers and members of
+ This function is restricted to superusers and roles with privileges of
the pg_monitor role by default, but other users can
be granted EXECUTE to run the function.
are excluded.
- This function is restricted to superusers and members of
+ This function is restricted to superusers and roles with privileges of
the pg_monitor role by default, but other users can
be granted EXECUTE to run the function.
(sessions belonging to a role that they are a member of). In rows about
other sessions, many columns will be null. Note, however, that the
existence of a session and its general properties such as its sessions user
- and database are visible to all users. Superusers and members of the
+ and database are visible to all users. Superusers and roles with privileges of
built-in role
pg_read_all_stats (see also
linkend="predefined-roles"/>) can see all the information about all sessions.
- By default, use is restricted to superusers and members of the
+ By default, use is restricted to superusers and roles with privileges of the
pg_monitor role. Access may be granted to others
using GRANT.
- By default use is restricted to superusers and members of the
+ By default use is restricted to superusers and roles with privileges of the
pg_stat_scan_tables role. Access may be granted to others
using GRANT.
- By default use is restricted to superusers, members of the
+ By default use is restricted to superusers, roles with privileges of the
pg_stat_scan_tables role, and users with
SELECT permissions on the table.
- For security reasons, only superusers and members of the
+ For security reasons, only superusers and roles with privileges of the
pg_read_all_stats role are allowed to see the SQL text and
queryid of queries executed by other users.
Other users can see the statistics, however, if the view has been installed
- By default, these functions are executable only by superusers and members of the
- pg_stat_scan_tables role, with the exception of
+ By default, these functions are executable only by superusers and roles with privileges
+ of the pg_stat_scan_tables role, with the exception of
pg_truncate_visibility_map(relation regclass) which can only
be executed by superusers.
{
if (stmt->is_program)
{
- if (!is_member_of_role(GetUserId(), ROLE_PG_EXECUTE_SERVER_PROGRAM))
+ if (!has_privs_of_role(GetUserId(), ROLE_PG_EXECUTE_SERVER_PROGRAM))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser or a member of the pg_execute_server_program role to COPY to or from an external program"),
+ errmsg("must be superuser or have privileges of the pg_execute_server_program role to COPY to or from an external program"),
errhint("Anyone can COPY to stdout or from stdin. "
"psql's \\copy command also works for anyone.")));
}
else
{
- if (is_from && !is_member_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES))
+ if (is_from && !has_privs_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser or a member of the pg_read_server_files role to COPY from a file"),
+ errmsg("must be superuser or have privileges of the pg_read_server_files role to COPY from a file"),
errhint("Anyone can COPY to stdout or from stdin. "
"psql's \\copy command also works for anyone.")));
- if (!is_from && !is_member_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
+ if (!is_from && !has_privs_of_role(GetUserId(), ROLE_PG_WRITE_SERVER_FILES))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser or a member of the pg_write_server_files role to COPY to a file"),
+ errmsg("must be superuser or have privileges of the pg_write_server_files role to COPY to a file"),
errhint("Anyone can COPY to stdout or from stdin. "
"psql's \\copy command also works for anyone.")));
}
/* Fetch values */
values[0] = Int32GetDatum(pid);
- if (!is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
+ if (!has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
{
/*
- * Only superusers and members of pg_read_all_stats can see details.
- * Other users only get the pid value to know whether it is a WAL
- * receiver, but no details.
+ * Only superusers and roles with privileges of pg_read_all_stats
+ * can see details. Other users only get the pid value to know whether
+ * it is a WAL receiver, but no details.
*/
MemSet(&nulls[1], true, sizeof(bool) * (tupdesc->natts - 1));
}
memset(nulls, 0, sizeof(nulls));
values[0] = Int32GetDatum(pid);
- if (!is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
+ if (!has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
{
/*
- * Only superusers and members of pg_read_all_stats can see
- * details. Other users only get the pid value to know it's a
- * walsender, but no details.
+ * Only superusers and roles with privileges of pg_read_all_stats
+ * can see details. Other users only get the pid value to know
+ * it's a walsender, but no details.
*/
MemSet(&nulls[1], true, PG_STAT_GET_WAL_SENDERS_COLS - 1);
}
* Is member a member of role (directly or indirectly)?
*
* This is defined to recurse through roles regardless of rolinherit.
+ *
+ * Do not use this for privilege checking, instead use has_privs_of_role()
*/
bool
is_member_of_role(Oid member, Oid role)
*
* This is identical to is_member_of_role except we ignore superuser
* status.
+ *
+ * Do not use this for privilege checking, instead use has_privs_of_role()
*/
bool
is_member_of_role_nosuper(Oid member, Oid role)
AclResult aclresult;
/*
- * User must have connect privilege for target database or be a member of
+ * User must have connect privilege for target database or have privileges of
* pg_read_all_stats
*/
aclresult = pg_database_aclcheck(dbOid, GetUserId(), ACL_CONNECT);
if (aclresult != ACLCHECK_OK &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
{
aclcheck_error(aclresult, OBJECT_DATABASE,
get_database_name(dbOid));
AclResult aclresult;
/*
- * User must be a member of pg_read_all_stats or have CREATE privilege for
+ * User must have privileges of pg_read_all_stats or have CREATE privilege for
* target tablespace, either explicitly granted or implicitly because it
* is default for current database.
*/
if (tblspcOid != MyDatabaseTableSpace &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS))
{
aclresult = pg_tablespace_aclcheck(tblspcOid, GetUserId(), ACL_CREATE);
if (aclresult != ACLCHECK_OK)
canonicalize_path(filename); /* filename can change length here */
/*
- * Members of the 'pg_read_server_files' role are allowed to access any
- * files on the server as the PG user, so no need to do any further checks
+ * Roles with privleges of the 'pg_read_server_files' role are allowed to access
+ * any files on the server as the PG user, so no need to do any further checks
* here.
*/
- if (is_member_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES))
+ if (has_privs_of_role(GetUserId(), ROLE_PG_READ_SERVER_FILES))
return filename;
/*
#define UINT32_ACCESS_ONCE(var) ((uint32)(*((volatile uint32 *)&(var))))
-#define HAS_PGSTAT_PERMISSIONS(role) (is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
+#define HAS_PGSTAT_PERMISSIONS(role) (has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_STATS) || has_privs_of_role(GetUserId(), role))
Datum
pg_stat_get_numscans(PG_FUNCTION_ARGS)
return NULL;
if (restrict_privileged &&
(record->flags & GUC_SUPERUSER_ONLY) &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"",
+ errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"",
name)));
switch (record->vartype)
record = find_option(name, false, false, ERROR);
Assert(record != NULL);
if ((record->flags & GUC_SUPERUSER_ONLY) &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"",
+ errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"",
name)));
switch (record->vartype)
if ((conf->flags & GUC_NO_SHOW_ALL) ||
((conf->flags & GUC_SUPERUSER_ONLY) &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)))
continue;
/* assign to the values array */
/* return only options visible to the current user */
if ((conf->flags & GUC_NO_SHOW_ALL) ||
((conf->flags & GUC_SUPERUSER_ONLY) &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)))
continue;
/* return only options that are different from their boot values */
}
if ((record->flags & GUC_SUPERUSER_ONLY) &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be superuser or a member of pg_read_all_settings to examine \"%s\"",
+ errmsg("must be superuser or have privileges of pg_read_all_settings to examine \"%s\"",
name)));
if (varname)
{
if ((conf->flags & GUC_NO_SHOW_ALL) ||
((conf->flags & GUC_SUPERUSER_ONLY) &&
- !is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)))
+ !has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS)))
*noshow = true;
else
*noshow = false;
* insufficiently-privileged users.
*/
if (conf->source == PGC_S_FILE &&
- is_member_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
+ has_privs_of_role(GetUserId(), ROLE_PG_READ_ALL_SETTINGS))
{
values[14] = conf->sourcefile;
snprintf(buffer, sizeof(buffer), "%d", conf->sourceline);
SET SESSION AUTHORIZATION regress_role_nopriv;
-- fails with role not member of pg_read_all_settings
SHOW session_preload_libraries;
-ERROR: must be superuser or a member of pg_read_all_settings to examine "session_preload_libraries"
+ERROR: must be superuser or have privileges of pg_read_all_settings to examine "session_preload_libraries"
RESET SESSION AUTHORIZATION;
ERROR: current transaction is aborted, commands ignored until end of transaction block
ROLLBACK;
projects / postgresql.git / commitdiff