[BUG] Column-level privileges on inherited tables
| От | KaiGai Kohei |
|---|---|
| Тема | [BUG] Column-level privileges on inherited tables |
| Дата | |
| Msg-id | 49AF6A4B.9060202@ak.jp.nec.com обсуждение исходный текст |
| Ответы |
Re: [BUG] Column-level privileges on inherited tables
|
| Список | pgsql-hackers |
I've observed the behavior of column-level privileges and required permissions with a few elog()s injected. I noticed rte->selectedCols is incorrect when we make a query on inherited tables. See below: ------------------------------------------------- postgres=# CREATE TABLE t1 (a int, b int, c int); CREATE TABLE postgres=# ALTER TABLE t1 DROP COLUMN b; ALTER TABLE postgres=# CREATE TABLE t2 (d int) inherits (t1); CREATE TABLE postgres=# SELECT * FROM t1; NOTICE: markRTEForSelectPriv: ACL_SELECT on t1.a NOTICE: markRTEForSelectPriv: ACL_SELECT on t1.c NOTICE: ExecCheckRTEPerms: ACL_SELECT on t1 perms = 0000 inh = 1 NOTICE: ExecCheckRTEPerms: selectedCols: t1.a NOTICE: ExecCheckRTEPerms: selectedCols: t1.c NOTICE: ExecCheckRTEPerms: ACL_SELECT on t1 perms = 0002 inh = 0 NOTICE: ExecCheckRTEPerms: selectedCols: t1.a NOTICE: ExecCheckRTEPerms: selectedCols: t1.c NOTICE: ExecCheckRTEPerms: ACL_SELECT on t2 perms = 0002 inh = 0 NOTICE: ExecCheckRTEPerms: selectedCols: t2.a NOTICE: ExecCheckRTEPerms: selectedCols: t2.d <--- (*)a | c ---+--- (0 rows) ------------------------------------------------- I injected elog() at the head of ExecCheckRTEPerms() to print requiredPerms and all the columns on selectedCols/modifiedCols. It seems to me the current implementation assumes the parant table and child table have same set of attribute name/number pair, but incorrect. It is necessary to lookup attribute names of "t2" when we extract inherited tables. Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com>
В списке pgsql-hackers по дате отправления: