Allow choosing specific grantors via GRANT/REVOKE ... GRANTED BY.
Except for GRANT and REVOKE on roles, the GRANTED BY clause
currently only accepts the current role to match the SQL standard.
And even if an acceptable grantor (i.e., the current role) is
specified, Postgres ignores it and chooses the "best" grantor for
the command. Allowing the user to select a specific grantor would
allow better control over the precise behavior of GRANT/REVOKE
statements. This commit adds that ability. For consistency with
select_best_grantor(), we only permit choosing grantor roles for
which the current role inherits privileges.
Author: Nathan Bossart <nathandbossart@gmail.com>
Co-authored-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/aRYLkTpazxKhnS_w%40nathan
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/dd1398f1378799acc60c3ed85d82439b2ff69141
Modified Files
--------------
doc/src/sgml/ref/grant.sgml | 8 ++---
doc/src/sgml/ref/revoke.sgml | 8 ++++-
src/backend/catalog/aclchk.c | 31 ++++++-----------
src/backend/utils/adt/acl.c | 33 +++++++++++++++---
src/include/nodes/parsenodes.h | 2 +-
src/include/utils/acl.h | 2 +-
src/include/utils/aclchk_internal.h | 1 +
src/test/regress/expected/privileges.out | 60 +++++++++++++++++++++++++++++++-
src/test/regress/sql/privileges.sql | 34 ++++++++++++++++++
9 files changed, 145 insertions(+), 34 deletions(-)