- table/view.
- specific table.
- table.
- Delete rows from a specific table.
- (See CREATE RULE statement).
- Grant all privileges.
- The name of an object to which to grant access.
- A short form representing all users.
- representing all users.
- Message returned if successful.
- to give privileges to the specified group or users.
+GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
+ an object (table, view, sequence) to a user or a group of users.
+ be created later.
+ unless the creator grants permissions, after the object is created.
- that privilege.
+ specified table.
+ Allows the creation of a rule on the table/view. (See
+ linkend="sql-createrule"> statement).
+
+
+
+
+
+ REFERENCES
+
+ To create of a table with a foreign key constraint, it is
+ necessary to have this privilege on the table with the primary
+ key.
+
+
+
+
+
+ TRIGGER
+
+ Allows the creation of a trigger on the specified table. (See
+ statement).
+
+
+
+
+
+ ALL PRIVILEGES
+
+ Grant all of the above privileges at once. The
+ PRIVILEGES key word is optional, but it is
+ required by strict SQL.
+
+
+
+
+
+ The privileges required by other commands are listed on the
+ reference page of the respective command.
+
+
-
-
- 1998-09-23
-
-
</div>
<div class="diff rem">- Notes</div>
<div class="diff rem">-
+
+
Notes
Currently, to grant privileges in
Postgres to only a few columns, you must
- create a view having desired columns and then grant privileges
+ create a view having the desired columns and then grant privileges
to that view.
- Use <command>psql \z
- for further information about permissions
+ Use <xref linkend="app-psql">'s \z command
+ to obtain information about privileges
on existing objects:
- Database = lusitania
+ Database = lusitania
+------------------+---------------------------------------------+
| Relation | Grant/Revoke Permissions |
+------------------+---------------------------------------------+
- | mytable | {"=rw","miriam=arwR","group todos=rw"} |
+ | mytable | {"=rw","miriam=arwdRxt","group todos=rw"} |
+------------------+---------------------------------------------+
Legend:
uname=arwR -- privileges granted to a user
- group gname=arwR -- privileges granted to a GROUP
+ group gname=arwR -- privileges granted to a group
=arwR -- privileges granted to PUBLIC
- r -- SELECT
- w -- UPDATE/DELETE
- a -- INSERT
+ r -- SELECT ("read")
+ w -- UPDATE ("write")
+ a -- INSERT ("append")
+ d -- DELETE
R -- RULE
- arwR -- ALL
-
-
+ x -- REFERENCES
+ t -- TRIGGER
+ arwdRxt -- ALL PRIVILEGES
+
- Refer to REVOKE statements to revoke access privileges.
+ The command is used to revoke access
+ privileges.
-
-
-
</div>
<div class="diff rem">- Usage</div>
<div class="diff rem">-
+
+
Examples
+
Grant insert privilege to all users on table films:
GRANT INSERT ON films TO PUBLIC;
-
+
Grant all privileges to user manuel on view kinds:
-GRANT ALL ON kinds TO manuel;
-
+GRANT ALL PRIVILEGES ON kinds TO manuel;
+
-
-
</div>
<div class="diff rem">- Compatibility</div>
<div class="diff rem">-
+
+
Compatibility
-
-
- 1998-09-23
-
-
</div>
<div class="diff rem">- SQL92</div>
<div class="diff rem">-
+
+
SQL92
+
- The
SQL92 syntax for GRANT allows setting privileges
- for individual columns
- within a table, and allows setting a privilege to grant
- the same privileges to others:
+ The PRIVILEGES key word in ALL
+ PRIVILEGES is required.
SQL does not
+ support setting the privileges on more than one table per command.
+
+
+ The
SQL92 syntax for GRANT allows setting
+ privileges for individual columns within a table, and allows
+ setting a privilege to grant the same privileges to others:
-
+
GRANT privilege [, ...]
ON object [ ( column [, ...] ) ] [, ...]
TO { PUBLIC | username [, ...] } [ WITH GRANT OPTION ]
-
+
+
+
+
SQL allows to grant the USAGE privilege on
+ other kinds of objects: CHARACTER SET, COLLATION, TRANSLATION, DOMAIN.
- Fields are compatible with those in the
Postgres- implementation, with the following additions:
-
-
-
- privilege
-
-
SQL92 permits additional privileges to be specified:
-
-
-
- SELECT
-
-
-
-
-
-
- REFERENCES
-
- Allowed to reference some or all of the columns of a specific
- table/view in integrity constraints.
-
-
-
-
-
- USAGE
-
- Allowed to use a domain, character set, collation
- or translation.
- If an object specifies anything other than a table/view,
- privilege
- must specify only USAGE.
-
-
-
-
-
-
-
-
-
- object
-
-
-
-
- [ TABLE ] table
-
-
SQL92 allows the additional
- non-functional keyword TABLE.
-
-
-
-
-
- CHARACTER SET
-
- Allowed to use the specified character set.
-
-
-
-
-
- COLLATION
-
- Allowed to use the specified collation sequence.
-
-
-
-
-
- TRANSLATION
-
- Allowed to use the specified character set translation.
-
-
-
-
-
- DOMAIN
-
- Allowed to use the specified domain.
-
-
-
-
-
- WITH GRANT OPTION
-
- Allowed to grant the same privilege to others.
-
-
-
-
-
-
-
-
+ The TRIGGER privilege was introduced in SQL99. The RULE privilege
+ is a PostgreSQL extension.
+
+
+
+
+
+
See Also
+
+
+
+
+
-
- INSERT
-
+ INSERT
SQL - Language Statements
-
- REVOKE
-
+ REVOKE
SQL - Language Statements
+
-
- REVOKE
-
-
- Revokes access privilege from a user, a group or all users.
-
+ REVOKE
+ Revokes access privilege from a user, a group, or all users.
-
-
- 1999-07-20
-
-
-REVOKE privilege [, ...]
- ON object [, ...]
- FROM { PUBLIC | GROUP groupname | username }
-
-
-
-
- 1998-09-24
-
-
</div>
<div class="diff rem">- Inputs</div>
<div class="diff rem">-
-
-
-
- privilege
-
- The possible privileges are:
-
-
-
- SELECT
-
- Privilege to access all of the columns of a specific
- table/view.
-
-
-
-
-
- INSERT
-
- Privilege to insert data into all columns of a
- specific table.
-
-
-
-
-
- UPDATE
-
- Privilege to update all columns of a specific
- table.
-
-
-
-
-
- DELETE
-
- Privilege to delete rows from a specific table.
-
-
-
-
-
- RULE
-
- Privilege to define rules on table/view.
- (See
- ).
-
-
-
-
-
- ALL
-
- Rescind all privileges.
-
-
-
-
-
-
-
-
-
- object
-
- The name of an object from which to revoke access.
-
- The possible objects are:
-
-
- table
-
-
-
- view
-
-
-
-
- sequence
-
-
-
-
-
-
-
-
-
- group
-
- The name of a group from whom to revoke privileges.
-
-
-
-
-
- username
-
- The name of a user from whom revoke privileges. Use the PUBLIC keyword
- to specify all users.
-
-
-
-
-
- PUBLIC
-
- Rescind the specified privilege(s) for all users.
-
-
-
-
-
-
-
-
-
- 1998-09-24
-
-
</div>
<div class="diff rem">- Outputs</div>
<div class="diff rem">-
-
-
-
-
-CHANGE
-
-
- Message returned if successfully.
-
-
-
-
-
-
-ERROR
-
-
- Message returned if object is not available or impossible
- to revoke privileges from a group or users.
-
-
-
-
-
-
+
+
+REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
+ ON [ TABLE ] object [, ...]
+ FROM { username | GROUP groupname | PUBLIC }
+
-
-
- 1998-09-24
-
-
</div>
<div class="diff rem">- Description</div>
<div class="diff rem">-
+
+
Description
+
- REVOKE allows creator of an object to revoke permissions granted
- before, from all users (via PUBLIC) or a certain user or group.
+ REVOKE allows the creator of an object to revoke
+ permissions granted before, from a users or a group of users. The
+ key word PUBLIC means to revoke this privilege
+ from all users.
-
-
- 1998-09-24
-
-
</div>
<div class="diff rem">- Notes</div>
<div class="diff rem">-
- Refer to psql \z command for further information about permissions
- on existing objects:
-
-Database = lusitania
-+------------------+---------------------------------------------+
-| Relation | Grant/Revoke Permissions |
-+------------------+---------------------------------------------+
-| mytable | {"=rw","miriam=arwR","group todos=rw"} |
-+------------------+---------------------------------------------+
-Legend:
- uname=arwR -- privileges granted to a user
- group gname=arwR -- privileges granted to a GROUP
- =arwR -- privileges granted to PUBLIC
-
- r -- SELECT
- w -- UPDATE/DELETE
- a -- INSERT
- R -- RULE
- arwR -- ALL
-
-
-
- Currently, to create a GROUP you have to insert
- data manually into table pg_group as:
+ See the description of the command for
+ the meaning of the privilege types.
+
+
-INSERT INTO pg_group VALUES ('todos');
-CREATE USER miriam IN GROUP todos;
-
-
-
+
+
Notes
-
+ Use 's \z command to
+ display the privileges granted on existing objects. See also
+ linkend="sql-grant"> for information about the format.
+
-
-
</div>
<div class="diff rem">- Usage</div>
<div class="diff rem">-
+
+
Examples
+
Revoke insert privilege from all users on table
films:
REVOKE INSERT ON films FROM PUBLIC;
-
+
Revoke all privileges from user manuel on view kinds:
-REVOKE ALL ON kinds FROM manuel;
-
+REVOKE ALL PRIVILEGES ON kinds FROM manuel;
+
-
-
</div>
<div class="diff rem">- Compatibility</div>
<div class="diff rem">-
+
+
Compatibility
-
-
- 1998-09-01
-
-
</div>
<div class="diff rem">- SQL92</div>
<div class="diff rem">-
+
+
SQL92
- The SQL92 syntax for REVOKE
- has additional capabilities for rescinding
- privileges, including those on individual columns in tables:
-
-
-
-
-
-REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...]
- ON object
- FROM { PUBLIC | username [, ...] } { RESTRICT | CASCADE }
-REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( column [, ...] ) ]
- ON object
- FROM { PUBLIC | username [, ...] } { RESTRICT | CASCADE }
-
-
-
- Refer to
-
- for details on individual fields.
-
-
-
-
-
-
-
-REVOKE GRANT OPTION FOR privilege [, ...]
- ON object
- FROM { PUBLIC | username [, ...] } { RESTRICT | CASCADE }
-
-
-
- Rescinds authority for a user to grant the specified privilege
- to others.
- Refer to
-
- for details on individual fields.
-
-
-
-
-
-
- The possible objects are:
-
-
- [ TABLE ] table/view
-
-
- CHARACTER SET character-set
-
-
- COLLATION collation
-
-
- TRANSLATION translation
-
-
- DOMAIN domain
-
-
+ The compatibility notes of the command
+ apply analogously to REVOKE. The syntax summary is:
+
+
+REVOKE [ GRANT OPTION FOR ] { SELECT | INSERT | UPDATE | DELETE | REFERENCES }
+ ON object [ ( column [, ...] ) ]
+ FROM { PUBLIC | username [, ...] }
+ { RESTRICT | CASCADE }
+
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3 then user1 can revoke
this privilege in cascade using the CASCADE keyword.
-
-
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3, then if user1 tries to revoke
this privilege it fails if he specify the RESTRICT
+
+
+
See Also
+
+
+
+
+
+
-
- SELECT
-
+ SELECT
SQL - Language Statements
-
- UPDATE
-
+ UPDATE
SQL - Language Statements
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.47 2001/03/22 03:59:18 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/catalog/aclchk.c,v 1.48 2001/05/27 09:59:28 petere Exp $
*
* NOTES
* See acl.h.
};
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
static
dumpacl(Acl *acl)
{
PointerGetDatum(aip + i))));
}
-#endif
+#endif /* ACLDEBUG */
/*
* ChangeAcl
old_acl = DatumGetAclPCopy(aclDatum);
}
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
dumpacl(old_acl);
#endif
new_acl = aclinsert3(old_acl, mod_aip, modechg);
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
dumpacl(new_acl);
#endif
{
if (aip->ai_id == id)
{
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "aclcheck: found user %u/%d",
aip->ai_id, aip->ai_mode);
#endif
{
if (in_group(id, aip->ai_id))
{
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "aclcheck: found group %u/%d",
aip->ai_id, aip->ai_mode);
#endif
{
if (aip->ai_id == id)
{
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "aclcheck: found group %u/%d",
aip->ai_id, aip->ai_mode);
#endif
break;
}
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "aclcheck: using world=%d", aidat->ai_mode);
#endif
return (aidat->ai_mode & mode) ? ACLCHECK_OK : ACLCHECK_NO_PRIV;
* pg_shadow.usecatupd is set. (This is to let superusers protect
* themselves from themselves.)
*/
- if (((mode & ACL_WR) || (mode & ACL_AP)) &&
+ if (((mode & ACL_UPDATE) || (mode & ACL_INSERT) || (mode & ACL_DELETE)) &&
!allowSystemTableMods && IsSystemRelationName(relname) &&
strncmp(relname, "pg_temp.", strlen("pg_temp.")) != 0 &&
!((Form_pg_shadow) GETSTRUCT(tuple))->usecatupd)
*/
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
{
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "pg_aclcheck: \"%s\" is superuser",
usename);
#endif
*/
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
{
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "pg_ownercheck: user \"%s\" is superuser",
usename);
#endif
*/
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
{
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "pg_ownercheck: user \"%s\" is superuser",
usename);
#endif
*/
if (((Form_pg_shadow) GETSTRUCT(tuple))->usesuper)
{
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "pg_aggr_ownercheck: user \"%s\" is superuser",
usename);
#endif
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.128 2001/05/21 14:22:11 wieck Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.129 2001/05/27 09:59:28 petere Exp $
*
* NOTES
* The PerformAddAttribute() code, like most of the relation
elog(ERROR, "LOCK TABLE: %s is not a table", lockstmt->relname);
if (lockstmt->mode == AccessShareLock)
- aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_RD);
+ aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_SELECT);
else
- aclresult = pg_aclcheck(lockstmt->relname, GetUserId(), ACL_WR);
+ aclresult = pg_aclcheck(lockstmt->relname, GetUserId(),
+ ACL_UPDATE | ACL_DELETE);
if (aclresult != ACLCHECK_OK)
elog(ERROR, "LOCK TABLE: permission denied");
* Copyright (c) 1999, PostgreSQL Global Development Group
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/comment.c,v 1.27 2001/03/22 03:59:21 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/comment.c,v 1.28 2001/05/27 09:59:29 petere Exp $
*
*-------------------------------------------------------------------------
*/
#ifndef NO_SECURITY
relation = RewriteGetRuleEventRel(rule);
- aclcheck = pg_aclcheck(relation, GetUserId(), ACL_RU);
+ aclcheck = pg_aclcheck(relation, GetUserId(), ACL_RULE);
if (aclcheck != ACLCHECK_OK)
{
elog(ERROR, "you are not permitted to comment on rule '%s'",
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.136 2001/03/22 06:16:11 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.137 2001/05/27 09:59:29 petere Exp $
*
*-------------------------------------------------------------------------
*/
FILE *fp;
Relation rel;
- const AclMode required_access = from ? ACL_WR : ACL_RD;
+ const AclMode required_access = from ? ACL_INSERT : ACL_SELECT;
int result;
/*
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/sequence.c,v 1.55 2001/05/10 20:38:49 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/sequence.c,v 1.56 2001/05/27 09:59:29 petere Exp $
*
*-------------------------------------------------------------------------
*/
rescnt = 0;
bool logit = false;
- if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
+ if (pg_aclcheck(seqname, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
elog(ERROR, "%s.nextval: you don't have permissions to set sequence %s",
seqname, seqname);
SeqTable elm;
int32 result;
- if (pg_aclcheck(seqname, GetUserId(), ACL_RD) != ACLCHECK_OK)
+ if (pg_aclcheck(seqname, GetUserId(), ACL_SELECT) != ACLCHECK_OK)
elog(ERROR, "%s.currval: you don't have permissions to read sequence %s",
seqname, seqname);
Buffer buf;
Form_pg_sequence seq;
- if (pg_aclcheck(seqname, GetUserId(), ACL_WR) != ACLCHECK_OK)
+ if (pg_aclcheck(seqname, GetUserId(), ACL_UPDATE) != ACLCHECK_OK)
elog(ERROR, "%s.setval: you don't have permissions to set sequence %s",
seqname, seqname);
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.90 2001/03/22 06:16:11 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/trigger.c,v 1.91 2001/05/27 09:59:29 petere Exp $
*
*-------------------------------------------------------------------------
*/
if (!allowSystemTableMods && IsSystemRelationName(stmt->relname))
elog(ERROR, "CreateTrigger: can't create trigger for system relation %s", stmt->relname);
- if (!pg_ownercheck(GetUserId(), stmt->relname, RELNAME))
- elog(ERROR, "%s: %s", stmt->relname, aclcheck_error_strings[ACLCHECK_NOT_OWNER]);
+ if (pg_aclcheck(stmt->relname, GetUserId(),
+ stmt->isconstraint ? ACL_REFERENCES : ACL_TRIGGER)
+ != ACLCHECK_OK)
+ elog(ERROR, "permission denied");
/*
* If trigger is a constraint, user trigger name as constraint name
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.140 2001/05/15 00:33:36 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/executor/execMain.c,v 1.141 2001/05/27 09:59:29 petere Exp $
*
*-------------------------------------------------------------------------
*/
if (rte->checkForRead)
{
- aclcheck_result = CHECK(ACL_RD);
+ aclcheck_result = CHECK(ACL_SELECT);
if (aclcheck_result != ACLCHECK_OK)
elog(ERROR, "%s: %s",
relName, aclcheck_error_strings[aclcheck_result]);
switch (operation)
{
case CMD_INSERT:
- /* Accept either APPEND or WRITE access for this */
- aclcheck_result = CHECK(ACL_AP);
- if (aclcheck_result != ACLCHECK_OK)
- aclcheck_result = CHECK(ACL_WR);
+ aclcheck_result = CHECK(ACL_INSERT);
break;
case CMD_SELECT:
- case CMD_DELETE:
case CMD_UPDATE:
- aclcheck_result = CHECK(ACL_WR);
+ aclcheck_result = CHECK(ACL_UPDATE);
+ break;
+ case CMD_DELETE:
+ aclcheck_result = CHECK(ACL_DELETE);
break;
default:
elog(ERROR, "ExecCheckRTEPerms: bogus operation %d",
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.226 2001/05/14 20:30:20 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.227 2001/05/27 09:59:29 petere Exp $
*
* HISTORY
* AUTHOR DATE MAJOR EVENT
*
*****************************************************************************/
-GrantStmt: GRANT privileges ON relation_name_list TO grantee opt_with_grant
+GrantStmt: GRANT privileges ON opt_table relation_name_list TO grantee opt_with_grant
{
- $$ = (Node*)makeAclStmt($2,$4,$6,'+');
+ $$ = (Node*)makeAclStmt($2,$5,$7,'+');
}
;
privileges: ALL PRIVILEGES
{
- $$ = aclmakepriv("rwaR",0);
+ $$ = aclmakepriv(ACL_MODE_STR,0);
}
| ALL
{
- $$ = aclmakepriv("rwaR",0);
+ $$ = aclmakepriv(ACL_MODE_STR,0);
}
| operation_commalist
{
operation: SELECT
{
- $$ = ACL_MODE_RD_CHR;
+ $$ = ACL_MODE_SELECT_CHR;
}
| INSERT
{
- $$ = ACL_MODE_AP_CHR;
+ $$ = ACL_MODE_INSERT_CHR;
}
| UPDATE
{
- $$ = ACL_MODE_WR_CHR;
+ $$ = ACL_MODE_UPDATE_CHR;
}
| DELETE
{
- $$ = ACL_MODE_WR_CHR;
+ $$ = ACL_MODE_DELETE_CHR;
}
| RULE
{
- $$ = ACL_MODE_RU_CHR;
+ $$ = ACL_MODE_RULE_CHR;
+ }
+ | REFERENCES
+ {
+ $$ = ACL_MODE_REFERENCES_CHR;
+ }
+ | TRIGGER
+ {
+ $$ = ACL_MODE_TRIGGER_CHR;
}
;
*
*****************************************************************************/
-RevokeStmt: REVOKE privileges ON relation_name_list FROM grantee
+RevokeStmt: REVOKE privileges ON opt_table relation_name_list FROM grantee
{
- $$ = (Node*)makeAclStmt($2,$4,$6,'-');
+ $$ = (Node*)makeAclStmt($2,$5,$7,'-');
}
;
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.110 2001/05/07 00:43:23 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/tcop/utility.c,v 1.111 2001/05/27 09:59:29 petere Exp $
*
*-------------------------------------------------------------------------
*/
int aclcheck_result;
relationName = RewriteGetRuleEventRel(rulename);
- aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RU);
+ aclcheck_result = pg_aclcheck(relationName, GetUserId(), ACL_RULE);
if (aclcheck_result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relationName,
aclcheck_error_strings[aclcheck_result]);
int aclcheck_result;
relname = stmt->object->relname;
- aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RU);
+ aclcheck_result = pg_aclcheck(relname, GetUserId(), ACL_RULE);
if (aclcheck_result != ACLCHECK_OK)
elog(ERROR, "%s: %s", relname, aclcheck_error_strings[aclcheck_result]);
set_ps_display(commandTag = "CREATE");
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.58 2001/03/22 03:59:48 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.59 2001/05/27 09:59:30 petere Exp $
*
*-------------------------------------------------------------------------
*/
Assert(s && aip && modechg);
-#ifdef ACLDEBUG_TRACE
- printf("aclparse: input = '%s'\n", s);
+#ifdef ACLDEBUG
+ elog(DEBUG, "aclparse: input = '%s'", s);
#endif
aip->ai_idtype = ACL_IDTYPE_UID;
s = getid(s, name);
{
switch (*s)
{
- case ACL_MODE_AP_CHR:
- aip->ai_mode |= ACL_AP;
+ case ACL_MODE_INSERT_CHR:
+ aip->ai_mode |= ACL_INSERT;
break;
- case ACL_MODE_RD_CHR:
- aip->ai_mode |= ACL_RD;
+ case ACL_MODE_SELECT_CHR:
+ aip->ai_mode |= ACL_SELECT;
break;
- case ACL_MODE_WR_CHR:
- aip->ai_mode |= ACL_WR;
+ case ACL_MODE_UPDATE_CHR:
+ aip->ai_mode |= ACL_UPDATE;
break;
- case ACL_MODE_RU_CHR:
- aip->ai_mode |= ACL_RU;
+ case ACL_MODE_DELETE_CHR:
+ aip->ai_mode |= ACL_DELETE;
+ break;
+ case ACL_MODE_RULE_CHR:
+ aip->ai_mode |= ACL_RULE;
+ break;
+ case ACL_MODE_REFERENCES_CHR:
+ aip->ai_mode |= ACL_REFERENCES;
+ break;
+ case ACL_MODE_TRIGGER_CHR:
+ aip->ai_mode |= ACL_TRIGGER;
break;
default:
elog(ERROR, "aclparse: mode flags must use \"%s\"",
break;
}
-#ifdef ACLDEBUG_TRACE
+#ifdef ACLDEBUG
elog(DEBUG, "aclparse: correctly read [%x %d %x], modechg=%x",
aip->ai_idtype, aip->ai_id, aip->ai_mode, *modechg);
#endif
unsigned i;
char *tmpname;
- p = out = palloc(strlen("group =arwR ") + 1 + NAMEDATALEN);
+ p = out = palloc(strlen("group =" ACL_MODE_STR " ") + 1 + NAMEDATALEN);
*p = '\0';
switch (aip->ai_idtype)
AclItem *aip;
#define ACL_WORLD_DEFAULT (ACL_NO)
-/* #define ACL_WORLD_DEFAULT (ACL_RD|ACL_WR|ACL_AP|ACL_RU) */
-#define ACL_OWNER_DEFAULT (ACL_RD|ACL_WR|ACL_AP|ACL_RU)
+#define ACL_OWNER_DEFAULT (ACL_INSERT|ACL_SELECT|ACL_UPDATE|ACL_DELETE|ACL_RULE|ACL_REFERENCES|ACL_TRIGGER)
acl = makeacl(2);
aip = ACL_DAT(acl);
aip[0].ai_idtype = ACL_IDTYPE_WORLD;
aip[0].ai_id = ACL_ID_WORLD;
- aip[0].ai_mode = IsSystemRelationName(relname) ? ACL_RD : ACL_WORLD_DEFAULT;
+ aip[0].ai_mode = IsSystemRelationName(relname) ? ACL_SELECT : ACL_WORLD_DEFAULT;
aip[1].ai_idtype = ACL_IDTYPE_UID;
aip[1].ai_id = ownerid;
aip[1].ai_mode = ACL_OWNER_DEFAULT;
int i;
int l;
- Assert(strlen(old_privlist) < 5);
- priv = palloc(5); /* at most "rwaR" */ ;
+ Assert(strlen(old_privlist) <= strlen(ACL_MODE_STR));
+ priv = palloc(strlen(ACL_MODE_STR)+1);
if (old_privlist == NULL || old_privlist[0] == '\0')
{
l = strlen(old_privlist);
- if (l == 4)
+ if (l == strlen(ACL_MODE_STR))
{ /* can't add any more privileges */
return priv;
}
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: acl.h,v 1.31 2001/03/22 04:01:10 momjian Exp $
+ * $Id: acl.h,v 1.32 2001/05/27 09:59:30 petere Exp $
*
* NOTES
* For backward-compatibility purposes we have to allow there
typedef uint8 AclMode;
#define ACL_NO 0 /* no permissions */
-#define ACL_AP (1<<0) /* append */
-#define ACL_RD (1<<1) /* read */
-#define ACL_WR (1<<2) /* write (append/delete/replace) */
-#define ACL_RU (1<<3) /* place rules */
-#define N_ACL_MODES 4
+#define ACL_INSERT (1<<0)
+#define ACL_SELECT (1<<1)
+#define ACL_UPDATE (1<<2)
+#define ACL_DELETE (1<<3)
+#define ACL_RULE (1<<4)
+#define ACL_REFERENCES (1<<5)
+#define ACL_TRIGGER (1<<6)
+#define N_ACL_MODES 7 /* 1 plus the last 1<
/*
* AclItem
#define ACL_MODECHG_ADD_CHR '+'
#define ACL_MODECHG_DEL_CHR '-'
#define ACL_MODECHG_EQL_CHR '='
-#define ACL_MODE_STR "arwR" /* list of valid characters */
-#define ACL_MODE_AP_CHR 'a'
-#define ACL_MODE_RD_CHR 'r'
-#define ACL_MODE_WR_CHR 'w'
-#define ACL_MODE_RU_CHR 'R'
+#define ACL_MODE_STR "arwdRxt" /* list of valid characters */
+#define ACL_MODE_INSERT_CHR 'a' /* formerly known as "append" */
+#define ACL_MODE_SELECT_CHR 'r' /* formerly known as "read" */
+#define ACL_MODE_UPDATE_CHR 'w' /* formerly known as "write" */
+#define ACL_MODE_DELETE_CHR 'd'
+#define ACL_MODE_RULE_CHR 'R'
+#define ACL_MODE_REFERENCES_CHR 'x'
+#define ACL_MODE_TRIGGER_CHR 't'
/* result codes for pg_aclcheck */
#define ACLCHECK_OK 0
/* warning messages. set these in aclchk.c. */
extern char *aclcheck_error_strings[];
-/*
- * Enable ACL execution tracing and table dumps
- */
-/*#define ACLDEBUG_TRACE*/
-
/*
* routines used internally
*/
--- /dev/null
+--
+-- Test access privileges
+--
+CREATE USER regressuser1;
+CREATE USER regressuser2;
+CREATE USER regressuser3;
+CREATE USER regressuser4;
+CREATE USER regressuser4; -- duplicate
+ERROR: CREATE USER: user name "regressuser4" already exists
+CREATE GROUP regressgroup1;
+CREATE GROUP regressgroup2 WITH USER regressuser1, regressuser2;
+ALTER GROUP regressgroup1 ADD USER regressuser4;
+ALTER GROUP regressgroup2 ADD USER regressuser2; -- duplicate
+NOTICE: ALTER GROUP: user "regressuser2" is already in group "regressgroup2"
+ALTER GROUP regressgroup2 DROP USER regressuser2;
+ALTER GROUP regressgroup2 ADD USER regressuser4;
+-- test owner privileges
+SET SESSION AUTHORIZATION regressuser1;
+SELECT session_user, current_user;
+ session_user | current_user
+--------------+--------------
+ regressuser1 | regressuser1
+(1 row)
+
+CREATE TABLE atest1 ( a int, b text );
+SELECT * FROM atest1;
+ a | b
+---+---
+(0 rows)
+
+INSERT INTO atest1 VALUES (1, 'one');
+DELETE FROM atest1;
+UPDATE atest1 SET a = 1 WHERE b = 'blech';
+LOCK atest1 IN ACCESS EXCLUSIVE MODE;
+REVOKE ALL ON atest1 FROM PUBLIC;
+SELECT * FROM atest1;
+ a | b
+---+---
+(0 rows)
+
+GRANT ALL ON atest1 TO regressuser2;
+GRANT SELECT ON atest1 TO regressuser3;
+SELECT * FROM atest1;
+ a | b
+---+---
+(0 rows)
+
+CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
+GRANT SELECT ON atest2 TO regressuser2;
+GRANT UPDATE ON atest2 TO regressuser3;
+GRANT INSERT ON atest2 TO regressuser4;
+SET SESSION AUTHORIZATION regressuser2;
+SELECT session_user, current_user;
+ session_user | current_user
+--------------+--------------
+ regressuser2 | regressuser2
+(1 row)
+
+-- try various combinations of queries on atest1 and atest2
+SELECT * FROM atest1; -- ok
+ a | b
+---+---
+(0 rows)
+
+SELECT * FROM atest2; -- ok
+ col1 | col2
+------+------
+(0 rows)
+
+INSERT INTO atest1 VALUES (2, 'two'); -- ok
+INSERT INTO atest2 VALUES ('foo', true); -- fail
+ERROR: atest2: Permission denied.
+INSERT INTO atest1 SELECT 1, b FROM atest1; -- ok
+UPDATE atest1 SET a = 1 WHERE a = 2; -- ok
+UPDATE atest2 SET col2 = NOT col2; -- fail
+ERROR: atest2: Permission denied.
+SELECT * FROM atest1 FOR UPDATE; -- ok
+ a | b
+---+-----
+ 1 | two
+ 1 | two
+(2 rows)
+
+SELECT * FROM atest2 FOR UPDATE; -- fail
+ERROR: atest2: Permission denied.
+DELETE FROM atest2; -- fail
+ERROR: atest2: Permission denied.
+LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- fail
+ERROR: LOCK TABLE: permission denied
+COPY atest2 FROM stdin; -- fail
+ERROR: atest2: Permission denied.
+GRANT ALL ON atest1 TO PUBLIC; -- fail
+ERROR: you do not own class "atest1"
+-- checks in subquery, both ok
+SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
+ a | b
+---+---
+(0 rows)
+
+SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
+ col1 | col2
+------+------
+(0 rows)
+
+SET SESSION AUTHORIZATION regressuser3;
+SELECT session_user, current_user;
+ session_user | current_user
+--------------+--------------
+ regressuser3 | regressuser3
+(1 row)
+
+SELECT * FROM atest1; -- ok
+ a | b
+---+-----
+ 1 | two
+ 1 | two
+(2 rows)
+
+SELECT * FROM atest2; -- fail
+ERROR: atest2: Permission denied.
+INSERT INTO atest1 VALUES (2, 'two'); -- fail
+ERROR: atest1: Permission denied.
+INSERT INTO atest2 VALUES ('foo', true); -- fail
+ERROR: atest2: Permission denied.
+INSERT INTO atest1 SELECT 1, b FROM atest1; -- fail
+ERROR: atest1: Permission denied.
+UPDATE atest1 SET a = 1 WHERE a = 2; -- fail
+ERROR: atest1: Permission denied.
+UPDATE atest2 SET col2 = NULL; -- ok
+UPDATE atest2 SET col2 = NOT col2; -- fails; requires SELECT on atest2
+ERROR: atest2: Permission denied.
+UPDATE atest2 SET col2 = true WHERE atest1.a = 5; -- ok
+SELECT * FROM atest1 FOR UPDATE; -- fail
+ERROR: atest1: Permission denied.
+SELECT * FROM atest2 FOR UPDATE; -- fail
+ERROR: atest2: Permission denied.
+DELETE FROM atest2; -- fail
+ERROR: atest2: Permission denied.
+LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- ok
+COPY atest2 FROM stdin; -- fail
+ERROR: atest2: Permission denied.
+-- checks in subquery, both fail
+SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
+ERROR: atest2: Permission denied.
+SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
+ERROR: atest2: Permission denied.
+SET SESSION AUTHORIZATION regressuser4;
+COPY atest2 FROM stdin; -- ok
+-- groups
+SET SESSION AUTHORIZATION regressuser3;
+CREATE TABLE atest3 (one int, two int, three int);
+GRANT DELETE ON atest3 TO GROUP regressgroup2;
+SET SESSION AUTHORIZATION regressuser1;
+SELECT * FROM atest3; -- fail
+ERROR: atest3: Permission denied.
+DELETE FROM atest3; -- ok
+-- views
+SET SESSION AUTHORIZATION regressuser3;
+CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
+/* The next *should* fail, but it's not implemented that way yet. */
+CREATE VIEW atestv2 AS SELECT * FROM atest2;
+CREATE VIEW atestv3 AS SELECT * FROM atest3; -- ok
+SELECT * FROM atestv1; -- ok
+ a | b
+---+-----
+ 1 | two
+ 1 | two
+(2 rows)
+
+GRANT SELECT ON atestv1 TO regressuser4;
+GRANT SELECT ON atestv3 TO regressuser4;
+SET SESSION AUTHORIZATION regressuser4;
+SELECT * FROM atestv1; -- ok
+ a | b
+---+-----
+ 1 | two
+ 1 | two
+(2 rows)
+
+SELECT * FROM atestv3; -- ok
+ one | two | three
+-----+-----+-------
+(0 rows)
+
+-- clean up
+\c regression
+DROP TABLE atest1;
+DROP TABLE atest2;
+DROP TABLE atest3;
+DROP VIEW atestv1;
+DROP VIEW atestv2;
+DROP VIEW atestv3;
+DROP GROUP regressgroup1;
+DROP GROUP regressgroup2;
+DROP USER regressuser1;
+DROP USER regressuser2;
+DROP USER regressuser3;
+DROP USER regressuser4;
ignore: random
test: select_into select_distinct select_distinct_on select_implicit select_having subselect union case join aggregates transactions random portals arrays btree_index hash_index
+test: privileges
test: misc
# ----------
#! /bin/sh
-# $Header: /cvsroot/pgsql/src/test/regress/Attic/pg_regress.sh,v 1.20 2001/03/24 23:32:25 petere Exp $
+# $Header: /cvsroot/pgsql/src/test/regress/Attic/pg_regress.sh,v 1.21 2001/05/27 09:59:30 petere Exp $
me=`basename $0`
: ${TMPDIR=/tmp}
fi
+# ----------
+# Remove regressuser* and regressgroup* user accounts.
+# ----------
+
+message "dropping regression test user accounts"
+"$bindir/psql" $psql_options -c 'drop group regressgroup1; drop group regressgroup2; drop user regressuser1, regressuser2, regressuser3, regressuser4;' $dbname 2>/dev/null
+if [ $? -eq 2 ]; then
+ echo "$me: could not drop user accounts"
+ (exit 2); exit
+fi
+
+
# ----------
# Install the PL/pgSQL language in it
# ----------
-# $Header: /cvsroot/pgsql/src/test/regress/serial_schedule,v 1.3 2000/11/22 13:37:44 petere Exp $
+# $Header: /cvsroot/pgsql/src/test/regress/serial_schedule,v 1.4 2001/05/27 09:59:30 petere Exp $
# This should probably be in an order similar to parallel_schedule.
test: boolean
test: char
test: arrays
test: btree_index
test: hash_index
+test: privileges
test: misc
test: select_views
test: alter_table
--- /dev/null
+--
+-- Test access privileges
+--
+
+CREATE USER regressuser1;
+CREATE USER regressuser2;
+CREATE USER regressuser3;
+CREATE USER regressuser4;
+CREATE USER regressuser4; -- duplicate
+
+CREATE GROUP regressgroup1;
+CREATE GROUP regressgroup2 WITH USER regressuser1, regressuser2;
+
+ALTER GROUP regressgroup1 ADD USER regressuser4;
+
+ALTER GROUP regressgroup2 ADD USER regressuser2; -- duplicate
+ALTER GROUP regressgroup2 DROP USER regressuser2;
+ALTER GROUP regressgroup2 ADD USER regressuser4;
+
+
+-- test owner privileges
+
+SET SESSION AUTHORIZATION regressuser1;
+SELECT session_user, current_user;
+
+CREATE TABLE atest1 ( a int, b text );
+SELECT * FROM atest1;
+INSERT INTO atest1 VALUES (1, 'one');
+DELETE FROM atest1;
+UPDATE atest1 SET a = 1 WHERE b = 'blech';
+LOCK atest1 IN ACCESS EXCLUSIVE MODE;
+
+REVOKE ALL ON atest1 FROM PUBLIC;
+SELECT * FROM atest1;
+
+GRANT ALL ON atest1 TO regressuser2;
+GRANT SELECT ON atest1 TO regressuser3;
+SELECT * FROM atest1;
+
+CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
+GRANT SELECT ON atest2 TO regressuser2;
+GRANT UPDATE ON atest2 TO regressuser3;
+GRANT INSERT ON atest2 TO regressuser4;
+
+
+SET SESSION AUTHORIZATION regressuser2;
+SELECT session_user, current_user;
+
+-- try various combinations of queries on atest1 and atest2
+
+SELECT * FROM atest1; -- ok
+SELECT * FROM atest2; -- ok
+INSERT INTO atest1 VALUES (2, 'two'); -- ok
+INSERT INTO atest2 VALUES ('foo', true); -- fail
+INSERT INTO atest1 SELECT 1, b FROM atest1; -- ok
+UPDATE atest1 SET a = 1 WHERE a = 2; -- ok
+UPDATE atest2 SET col2 = NOT col2; -- fail
+SELECT * FROM atest1 FOR UPDATE; -- ok
+SELECT * FROM atest2 FOR UPDATE; -- fail
+DELETE FROM atest2; -- fail
+LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- fail
+COPY atest2 FROM stdin; -- fail
+GRANT ALL ON atest1 TO PUBLIC; -- fail
+
+-- checks in subquery, both ok
+SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
+SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
+
+
+SET SESSION AUTHORIZATION regressuser3;
+SELECT session_user, current_user;
+
+SELECT * FROM atest1; -- ok
+SELECT * FROM atest2; -- fail
+INSERT INTO atest1 VALUES (2, 'two'); -- fail
+INSERT INTO atest2 VALUES ('foo', true); -- fail
+INSERT INTO atest1 SELECT 1, b FROM atest1; -- fail
+UPDATE atest1 SET a = 1 WHERE a = 2; -- fail
+UPDATE atest2 SET col2 = NULL; -- ok
+UPDATE atest2 SET col2 = NOT col2; -- fails; requires SELECT on atest2
+UPDATE atest2 SET col2 = true WHERE atest1.a = 5; -- ok
+SELECT * FROM atest1 FOR UPDATE; -- fail
+SELECT * FROM atest2 FOR UPDATE; -- fail
+DELETE FROM atest2; -- fail
+LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- ok
+COPY atest2 FROM stdin; -- fail
+
+-- checks in subquery, both fail
+SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
+SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
+
+SET SESSION AUTHORIZATION regressuser4;
+COPY atest2 FROM stdin; -- ok
+bar true
+\.
+
+
+-- groups
+
+SET SESSION AUTHORIZATION regressuser3;
+CREATE TABLE atest3 (one int, two int, three int);
+GRANT DELETE ON atest3 TO GROUP regressgroup2;
+
+SET SESSION AUTHORIZATION regressuser1;
+
+SELECT * FROM atest3; -- fail
+DELETE FROM atest3; -- ok
+
+
+-- views
+
+SET SESSION AUTHORIZATION regressuser3;
+
+CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
+/* The next *should* fail, but it's not implemented that way yet. */
+CREATE VIEW atestv2 AS SELECT * FROM atest2;
+CREATE VIEW atestv3 AS SELECT * FROM atest3; -- ok
+
+SELECT * FROM atestv1; -- ok
+GRANT SELECT ON atestv1 TO regressuser4;
+GRANT SELECT ON atestv3 TO regressuser4;
+
+SET SESSION AUTHORIZATION regressuser4;
+
+SELECT * FROM atestv1; -- ok
+SELECT * FROM atestv3; -- ok
+
+
+-- clean up
+
+\c regression
+DROP TABLE atest1;
+DROP TABLE atest2;
+DROP TABLE atest3;
+
+DROP VIEW atestv1;
+DROP VIEW atestv2;
+DROP VIEW atestv3;
+
+DROP GROUP regressgroup1;
+DROP GROUP regressgroup2;
+
+DROP USER regressuser1;
+DROP USER regressuser2;
+DROP USER regressuser3;
+DROP USER regressuser4;
projects / postgresql.git / commitdiff