pgsql: Get rid of the separate RULE privilege for tables: now only a

Поиск
Список
Период
Сортировка
От tgl@postgresql.org (Tom Lane)
Тема pgsql: Get rid of the separate RULE privilege for tables: now only a
Дата
Msg-id 20060905210836.EE26C9FB1E7@postgresql.org
обсуждение исходный текст
Список pgsql-committers
Дерево обсуждения 
Log Message:
-----------
Get rid of the separate RULE privilege for tables: now only a table's owner
can create or modify rules for the table.  Do setRuleCheckAsUser() while
loading rules into the relcache, rather than when defining a rule.  This
ensures that permission checks for tables referenced in a rule are done with
respect to the current owner of the rule's table, whereas formerly ALTER TABLE
OWNER would fail to update the permission checking for associated rules.
Removal of separate RULE privilege is needed to prevent various scenarios
in which a grantee of RULE privilege could effectively have any privilege
of the table owner.  For backwards compatibility, GRANT/REVOKE RULE is still
accepted, but it doesn't do anything.  Per discussion here:
http://archives.postgresql.org/pgsql-hackers/2006-04/msg01138.php

Modified Files:
--------------
    pgsql/doc/src/sgml:
        ddl.sgml (r1.60 -> r1.61)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ddl.sgml.diff?r1=1.60&r2=1.61)
        func.sgml (r1.333 -> r1.334)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/func.sgml.diff?r1=1.333&r2=1.334)
        information_schema.sgml (r1.26 -> r1.27)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/information_schema.sgml.diff?r1=1.26&r2=1.27)
        user-manag.sgml (r1.36 -> r1.37)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/user-manag.sgml.diff?r1=1.36&r2=1.37)
    pgsql/doc/src/sgml/ref:
        create_rule.sgml (r1.46 -> r1.47)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_rule.sgml.diff?r1=1.46&r2=1.47)
        grant.sgml (r1.60 -> r1.61)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/grant.sgml.diff?r1=1.60&r2=1.61)
        revoke.sgml (r1.39 -> r1.40)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/revoke.sgml.diff?r1=1.39&r2=1.40)
    pgsql/src/backend/catalog:
        aclchk.c (r1.130 -> r1.131)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/aclchk.c.diff?r1=1.130&r2=1.131)
        information_schema.sql (r1.35 -> r1.36)

(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/information_schema.sql.diff?r1=1.35&r2=1.36)
    pgsql/src/backend/commands:
        comment.c (r1.90 -> r1.91)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/comment.c.diff?r1=1.90&r2=1.91)
    pgsql/src/backend/rewrite:
        rewriteDefine.c (r1.113 -> r1.114)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/rewrite/rewriteDefine.c.diff?r1=1.113&r2=1.114)
        rewriteRemove.c (r1.65 -> r1.66)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/rewrite/rewriteRemove.c.diff?r1=1.65&r2=1.66)
    pgsql/src/backend/utils/adt:
        acl.c (r1.134 -> r1.135)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/acl.c.diff?r1=1.134&r2=1.135)
    pgsql/src/backend/utils/cache:
        relcache.c (r1.247 -> r1.248)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/cache/relcache.c.diff?r1=1.247&r2=1.248)
    pgsql/src/include/catalog:
        catversion.h (r1.353 -> r1.354)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/catversion.h.diff?r1=1.353&r2=1.354)
    pgsql/src/include/nodes:
        parsenodes.h (r1.329 -> r1.330)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/nodes/parsenodes.h.diff?r1=1.329&r2=1.330)
    pgsql/src/include/rewrite:
        rewriteDefine.h (r1.21 -> r1.22)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/rewrite/rewriteDefine.h.diff?r1=1.21&r2=1.22)
    pgsql/src/include/utils:
        acl.h (r1.96 -> r1.97)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/acl.h.diff?r1=1.96&r2=1.97)
    pgsql/src/test/regress/expected:
        dependency.out (r1.4 -> r1.5)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/dependency.out.diff?r1=1.4&r2=1.5)
        privileges.out (r1.34 -> r1.35)

(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/privileges.out.diff?r1=1.34&r2=1.35)
    pgsql/src/test/regress/sql:
        privileges.sql (r1.18 -> r1.19)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/privileges.sql.diff?r1=1.18&r2=1.19)

В списке pgsql-committers по дате отправления:

Предыдущее
От: tgl@postgresql.org (Tom Lane)
Дата:
Сообщение: pgsql: Make Gen_fmgrtab.sh locale-proof.
Следующее
От: tgl@postgresql.org (Tom Lane)
Дата:
Сообщение: pgsql: Remove pgcrypto functions that were deprecated and slated for