Re: Reworks of DML permission checks

2010/6/14 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> The attached patch tries to rework DML permission checks.
>
> It was mainly checked at the ExecCheckRTEPerms(), but same logic was
> implemented in COPY TO/FROM statement and RI_Initial_Check().
>
> This patch tries to consolidate these permission checks into a common
> function to make access control decision on DML permissions. It enables
> to eliminate the code duplication, and improve consistency of access
> controls.

This patch is listed on the CommitFest page, but I'm not sure if it
represents the latest work on this topic.  At a minimum, it needs to
be rebased.

I am not excited about moving ExecCheckRT[E]Perms to some other place
in the code.  It seems to me that will complicate back-patching with
no corresponding advantage.  I'd suggest we not do that.    The COPY
and RI code can call ExecCheckRTPerms() where it is. Maybe at some
point we will have a grand master plan for how this should all be laid
out, but right now I'd prefer localized changes.

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company