Re: New patch for Column-level privileges

KaiGai,

* KaiGai Kohei (kaigai@ak.jp.nec.com) wrote:
> The attached patch put invocations of markColumnForSelectPriv()
> at transformJoinUsingClause() to mark those columns are used.

Thanks for the update!

Attached is a patch which:

  - incorporates KaiGai's latest patches to deal with JOINs and
    NATURAL JOINs

  - adds regression tests following Tom's suggestion to check
    whole-row vars in the face of column add/deletes

  - adds regression tests for NATURAL JOIN and successful JOINs
    with table sub-sets

  - reworks pg_attribute_aclmask() to remove the looping component

  - adds a new pg_attribute_aclcheck_all() to handle the ANY/ALL
    needs of execMain and the looping

  - removes special handling of system columns, they can still be
    granted/revoked, but they won't be included in ANY/ALL tests and a
    table-wide REVOKE won't affect them.  After thinking about it for a
    while, I felt this was the most sensible compromise between code
    complexity, following the SQL spec, and user freedom.

  - split out adding column revokes for table-level commands into a
    add_col_revokes function to clean up ExecGrant_Relation a bit.

  - when handling table-level revokes, skips over columns which do not
    have an ACL defined, since it clearly has no effect except to force
    creation of a default ACL that's just clutter.

Comments, testing, etc, most appreciated!

        Thanks,

            Stephen