2001-05-27 11:59:30 +02:00
|
|
|
--
|
|
|
|
|
-- Test access privileges
|
|
|
|
|
--
|
2006-07-18 02:32:42 +02:00
|
|
|
-- Clean up in case a prior regression run failed
|
|
|
|
|
-- Suppress NOTICE messages when users/groups don't exist
|
|
|
|
|
SET client_min_messages TO 'error';
|
|
|
|
|
DROP ROLE IF EXISTS regressgroup1;
|
|
|
|
|
DROP ROLE IF EXISTS regressgroup2;
|
|
|
|
|
DROP ROLE IF EXISTS regressuser1;
|
|
|
|
|
DROP ROLE IF EXISTS regressuser2;
|
|
|
|
|
DROP ROLE IF EXISTS regressuser3;
|
|
|
|
|
DROP ROLE IF EXISTS regressuser4;
|
2008-09-08 02:47:41 +02:00
|
|
|
DROP ROLE IF EXISTS regressuser5;
|
2006-07-18 02:32:42 +02:00
|
|
|
RESET client_min_messages;
|
|
|
|
|
-- test proper begins here
|
2001-05-27 11:59:30 +02:00
|
|
|
CREATE USER regressuser1;
|
|
|
|
|
CREATE USER regressuser2;
|
|
|
|
|
CREATE USER regressuser3;
|
|
|
|
|
CREATE USER regressuser4;
|
2008-09-08 02:47:41 +02:00
|
|
|
CREATE USER regressuser5;
|
|
|
|
|
CREATE USER regressuser5; -- duplicate
|
|
|
|
|
ERROR: role "regressuser5" already exists
|
2001-05-27 11:59:30 +02:00
|
|
|
CREATE GROUP regressgroup1;
|
|
|
|
|
CREATE GROUP regressgroup2 WITH USER regressuser1, regressuser2;
|
|
|
|
|
ALTER GROUP regressgroup1 ADD USER regressuser4;
|
|
|
|
|
ALTER GROUP regressgroup2 ADD USER regressuser2; -- duplicate
|
2005-06-28 07:09:14 +02:00
|
|
|
NOTICE: role "regressuser2" is already a member of role "regressgroup2"
|
2001-05-27 11:59:30 +02:00
|
|
|
ALTER GROUP regressgroup2 DROP USER regressuser2;
|
|
|
|
|
ALTER GROUP regressgroup2 ADD USER regressuser4;
|
|
|
|
|
-- test owner privileges
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
SELECT session_user, current_user;
|
|
|
|
|
session_user | current_user
|
|
|
|
|
--------------+--------------
|
|
|
|
|
regressuser1 | regressuser1
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
CREATE TABLE atest1 ( a int, b text );
|
|
|
|
|
SELECT * FROM atest1;
|
|
|
|
|
a | b
|
|
|
|
|
---+---
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
INSERT INTO atest1 VALUES (1, 'one');
|
|
|
|
|
DELETE FROM atest1;
|
|
|
|
|
UPDATE atest1 SET a = 1 WHERE b = 'blech';
|
2008-09-08 02:47:41 +02:00
|
|
|
TRUNCATE atest1;
|
2008-11-04 01:57:19 +01:00
|
|
|
BEGIN;
|
2001-05-27 11:59:30 +02:00
|
|
|
LOCK atest1 IN ACCESS EXCLUSIVE MODE;
|
2008-11-04 01:57:19 +01:00
|
|
|
COMMIT;
|
2001-05-27 11:59:30 +02:00
|
|
|
REVOKE ALL ON atest1 FROM PUBLIC;
|
|
|
|
|
SELECT * FROM atest1;
|
|
|
|
|
a | b
|
|
|
|
|
---+---
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
GRANT ALL ON atest1 TO regressuser2;
|
2001-06-10 01:21:55 +02:00
|
|
|
GRANT SELECT ON atest1 TO regressuser3, regressuser4;
|
2001-05-27 11:59:30 +02:00
|
|
|
SELECT * FROM atest1;
|
|
|
|
|
a | b
|
|
|
|
|
---+---
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
|
|
|
|
|
GRANT SELECT ON atest2 TO regressuser2;
|
|
|
|
|
GRANT UPDATE ON atest2 TO regressuser3;
|
|
|
|
|
GRANT INSERT ON atest2 TO regressuser4;
|
2008-09-08 02:47:41 +02:00
|
|
|
GRANT TRUNCATE ON atest2 TO regressuser5;
|
2001-05-27 11:59:30 +02:00
|
|
|
SET SESSION AUTHORIZATION regressuser2;
|
|
|
|
|
SELECT session_user, current_user;
|
|
|
|
|
session_user | current_user
|
|
|
|
|
--------------+--------------
|
|
|
|
|
regressuser2 | regressuser2
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
-- try various combinations of queries on atest1 and atest2
|
|
|
|
|
SELECT * FROM atest1; -- ok
|
|
|
|
|
a | b
|
|
|
|
|
---+---
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
SELECT * FROM atest2; -- ok
|
|
|
|
|
col1 | col2
|
|
|
|
|
------+------
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
INSERT INTO atest1 VALUES (2, 'two'); -- ok
|
|
|
|
|
INSERT INTO atest2 VALUES ('foo', true); -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
INSERT INTO atest1 SELECT 1, b FROM atest1; -- ok
|
|
|
|
|
UPDATE atest1 SET a = 1 WHERE a = 2; -- ok
|
|
|
|
|
UPDATE atest2 SET col2 = NOT col2; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
SELECT * FROM atest1 FOR UPDATE; -- ok
|
|
|
|
|
a | b
|
|
|
|
|
---+-----
|
|
|
|
|
1 | two
|
|
|
|
|
1 | two
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
|
|
|
|
SELECT * FROM atest2 FOR UPDATE; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
DELETE FROM atest2; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2008-09-08 02:47:41 +02:00
|
|
|
TRUNCATE atest2; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest2
|
2008-11-04 01:57:19 +01:00
|
|
|
BEGIN;
|
2001-05-27 11:59:30 +02:00
|
|
|
LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2008-11-04 01:57:19 +01:00
|
|
|
COMMIT;
|
2001-05-27 11:59:30 +02:00
|
|
|
COPY atest2 FROM stdin; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
GRANT ALL ON atest1 TO PUBLIC; -- fail
|
2006-01-21 03:16:21 +01:00
|
|
|
WARNING: no privileges were granted for "atest1"
|
2001-05-27 11:59:30 +02:00
|
|
|
-- checks in subquery, both ok
|
|
|
|
|
SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
|
|
|
|
|
a | b
|
|
|
|
|
---+---
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
|
|
|
|
|
col1 | col2
|
|
|
|
|
------+------
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser3;
|
|
|
|
|
SELECT session_user, current_user;
|
|
|
|
|
session_user | current_user
|
|
|
|
|
--------------+--------------
|
|
|
|
|
regressuser3 | regressuser3
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
SELECT * FROM atest1; -- ok
|
|
|
|
|
a | b
|
|
|
|
|
---+-----
|
|
|
|
|
1 | two
|
|
|
|
|
1 | two
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
|
|
|
|
SELECT * FROM atest2; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
INSERT INTO atest1 VALUES (2, 'two'); -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest1
|
2001-05-27 11:59:30 +02:00
|
|
|
INSERT INTO atest2 VALUES ('foo', true); -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
INSERT INTO atest1 SELECT 1, b FROM atest1; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest1
|
2001-05-27 11:59:30 +02:00
|
|
|
UPDATE atest1 SET a = 1 WHERE a = 2; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest1
|
2001-05-27 11:59:30 +02:00
|
|
|
UPDATE atest2 SET col2 = NULL; -- ok
|
|
|
|
|
UPDATE atest2 SET col2 = NOT col2; -- fails; requires SELECT on atest2
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2005-04-07 03:51:41 +02:00
|
|
|
UPDATE atest2 SET col2 = true FROM atest1 WHERE atest1.a = 5; -- ok
|
2001-05-27 11:59:30 +02:00
|
|
|
SELECT * FROM atest1 FOR UPDATE; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest1
|
2001-05-27 11:59:30 +02:00
|
|
|
SELECT * FROM atest2 FOR UPDATE; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
DELETE FROM atest2; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2008-09-08 02:47:41 +02:00
|
|
|
TRUNCATE atest2; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest2
|
2008-11-04 01:57:19 +01:00
|
|
|
BEGIN;
|
2001-05-27 11:59:30 +02:00
|
|
|
LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- ok
|
2008-11-04 01:57:19 +01:00
|
|
|
COMMIT;
|
2001-05-27 11:59:30 +02:00
|
|
|
COPY atest2 FROM stdin; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
-- checks in subquery, both fail
|
|
|
|
|
SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-05-27 11:59:30 +02:00
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
COPY atest2 FROM stdin; -- ok
|
2001-06-10 01:21:55 +02:00
|
|
|
SELECT * FROM atest1; -- ok
|
|
|
|
|
a | b
|
|
|
|
|
---+-----
|
|
|
|
|
1 | two
|
|
|
|
|
1 | two
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
2001-05-27 11:59:30 +02:00
|
|
|
-- groups
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser3;
|
|
|
|
|
CREATE TABLE atest3 (one int, two int, three int);
|
|
|
|
|
GRANT DELETE ON atest3 TO GROUP regressgroup2;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
SELECT * FROM atest3; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest3
|
2001-05-27 11:59:30 +02:00
|
|
|
DELETE FROM atest3; -- ok
|
|
|
|
|
-- views
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser3;
|
|
|
|
|
CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
|
|
|
|
|
/* The next *should* fail, but it's not implemented that way yet. */
|
|
|
|
|
CREATE VIEW atestv2 AS SELECT * FROM atest2;
|
|
|
|
|
CREATE VIEW atestv3 AS SELECT * FROM atest3; -- ok
|
|
|
|
|
SELECT * FROM atestv1; -- ok
|
|
|
|
|
a | b
|
|
|
|
|
---+-----
|
|
|
|
|
1 | two
|
|
|
|
|
1 | two
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
2002-05-19 17:13:20 +02:00
|
|
|
SELECT * FROM atestv2; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2001-06-10 01:21:55 +02:00
|
|
|
GRANT SELECT ON atestv1, atestv3 TO regressuser4;
|
2002-05-19 17:13:20 +02:00
|
|
|
GRANT SELECT ON atestv2 TO regressuser2;
|
2001-05-27 11:59:30 +02:00
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT * FROM atestv1; -- ok
|
|
|
|
|
a | b
|
|
|
|
|
---+-----
|
|
|
|
|
1 | two
|
|
|
|
|
1 | two
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
2002-05-19 17:13:20 +02:00
|
|
|
SELECT * FROM atestv2; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atestv2
|
2001-05-27 11:59:30 +02:00
|
|
|
SELECT * FROM atestv3; -- ok
|
|
|
|
|
one | two | three
|
|
|
|
|
-----+-----+-------
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
2002-05-19 17:13:20 +02:00
|
|
|
CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view
|
|
|
|
|
SELECT * FROM atestv4; -- ok
|
|
|
|
|
one | two | three
|
|
|
|
|
-----+-----+-------
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
GRANT SELECT ON atestv4 TO regressuser2;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser2;
|
|
|
|
|
-- Two complex cases:
|
|
|
|
|
SELECT * FROM atestv3; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atestv3
|
2002-05-19 17:13:20 +02:00
|
|
|
SELECT * FROM atestv4; -- ok (even though regressuser2 cannot access underlying atestv3)
|
|
|
|
|
one | two | three
|
|
|
|
|
-----+-----+-------
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
SELECT * FROM atest2; -- ok
|
|
|
|
|
col1 | col2
|
|
|
|
|
------+------
|
|
|
|
|
bar | t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
SELECT * FROM atestv2; -- fail (even though regressuser2 can access underlying atest2)
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2009-01-22 21:16:10 +01:00
|
|
|
-- Test column level permissions
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
CREATE TABLE atest5 (one int, two int, three int);
|
|
|
|
|
CREATE TABLE atest6 (one int, two int, blue int);
|
|
|
|
|
GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regressuser4;
|
|
|
|
|
GRANT ALL (one) ON atest5 TO regressuser3;
|
|
|
|
|
INSERT INTO atest5 VALUES (1,2,3);
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT * FROM atest5; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT one FROM atest5; -- ok
|
|
|
|
|
one
|
|
|
|
|
-----
|
|
|
|
|
1
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2009-02-06 22:15:12 +01:00
|
|
|
COPY atest5 (one) TO stdout; -- ok
|
|
|
|
|
1
|
2009-01-22 21:16:10 +01:00
|
|
|
SELECT two FROM atest5; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
2009-02-06 22:15:12 +01:00
|
|
|
COPY atest5 (two) TO stdout; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
2009-01-22 21:16:10 +01:00
|
|
|
SELECT atest5 FROM atest5; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
2009-02-06 22:15:12 +01:00
|
|
|
COPY atest5 (one,two) TO stdout; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
2009-01-22 21:16:10 +01:00
|
|
|
SELECT 1 FROM atest5; -- ok
|
|
|
|
|
?column?
|
|
|
|
|
----------
|
|
|
|
|
1
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
SELECT 1 FROM atest5 a JOIN atest5 b USING (one); -- ok
|
|
|
|
|
?column?
|
|
|
|
|
----------
|
|
|
|
|
1
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
SELECT 1 FROM atest5 a JOIN atest5 b USING (two); -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT 1 FROM atest5 a NATURAL JOIN atest5 b; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT (j.*) IS NULL FROM (atest5 a JOIN atest5 b USING (one)) j; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT 1 FROM atest5 WHERE two = 2; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT * FROM atest1, atest5; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT atest1.* FROM atest1, atest5; -- ok
|
|
|
|
|
a | b
|
|
|
|
|
---+-----
|
|
|
|
|
1 | two
|
|
|
|
|
1 | two
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
|
|
|
|
SELECT atest1.*,atest5.one FROM atest1, atest5; -- ok
|
|
|
|
|
a | b | one
|
|
|
|
|
---+-----+-----
|
|
|
|
|
1 | two | 1
|
|
|
|
|
1 | two | 1
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
|
|
|
|
SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.two); -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok
|
|
|
|
|
a | b | one
|
|
|
|
|
---+-----+-----
|
|
|
|
|
1 | two | 1
|
|
|
|
|
1 | two | 1
|
|
|
|
|
(2 rows)
|
|
|
|
|
|
|
|
|
|
SELECT one, two FROM atest5; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
GRANT SELECT (one,two) ON atest6 TO regressuser4;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
GRANT SELECT (two) ON atest5 TO regressuser4;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
|
|
|
|
|
one | two
|
|
|
|
|
-----+-----
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
-- test column-level privileges for INSERT and UPDATE
|
|
|
|
|
INSERT INTO atest5 (two) VALUES (3); -- ok
|
2009-02-06 22:15:12 +01:00
|
|
|
COPY atest5 FROM stdin; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
COPY atest5 (two) FROM stdin; -- ok
|
2009-01-22 21:16:10 +01:00
|
|
|
INSERT INTO atest5 (three) VALUES (4); -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
INSERT INTO atest5 VALUES (5,5,5); -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
UPDATE atest5 SET three = 10; -- ok
|
|
|
|
|
UPDATE atest5 SET one = 8; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
UPDATE atest5 SET three = 5, one = 2; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
REVOKE ALL (one) ON atest5 FROM regressuser4;
|
|
|
|
|
GRANT SELECT (one,two,blue) ON atest6 TO regressuser4;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT one FROM atest5; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
UPDATE atest5 SET one = 1; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SELECT atest6 FROM atest6; -- ok
|
|
|
|
|
atest6
|
|
|
|
|
--------
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
2009-02-06 22:15:12 +01:00
|
|
|
COPY atest6 TO stdout; -- ok
|
2009-01-22 21:16:10 +01:00
|
|
|
-- test column-level privileges when involved with DELETE
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
ALTER TABLE atest6 ADD COLUMN three integer;
|
|
|
|
|
GRANT DELETE ON atest5 TO regressuser3;
|
|
|
|
|
GRANT SELECT (two) ON atest5 TO regressuser3;
|
|
|
|
|
REVOKE ALL (one) ON atest5 FROM regressuser3;
|
|
|
|
|
GRANT SELECT (one) ON atest5 TO regressuser4;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT atest6 FROM atest6; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest6
|
|
|
|
|
SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
ALTER TABLE atest6 DROP COLUMN three;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT atest6 FROM atest6; -- ok
|
|
|
|
|
atest6
|
|
|
|
|
--------
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
SELECT one FROM atest5 NATURAL JOIN atest6; -- ok
|
|
|
|
|
one
|
|
|
|
|
-----
|
|
|
|
|
(0 rows)
|
|
|
|
|
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
ALTER TABLE atest6 DROP COLUMN two;
|
|
|
|
|
REVOKE SELECT (one,blue) ON atest6 FROM regressuser4;
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT * FROM atest6; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest6
|
|
|
|
|
SELECT 1 FROM atest6; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest6
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser3;
|
|
|
|
|
DELETE FROM atest5 WHERE one = 1; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest5
|
|
|
|
|
DELETE FROM atest5 WHERE two = 2; -- ok
|
2002-02-19 00:11:58 +01:00
|
|
|
-- privileges on functions, languages
|
|
|
|
|
-- switch to superuser
|
|
|
|
|
\c -
|
|
|
|
|
REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC;
|
|
|
|
|
GRANT USAGE ON LANGUAGE sql TO regressuser1; -- ok
|
|
|
|
|
GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail
|
|
|
|
|
ERROR: language "c" is not trusted
|
Wording cleanup for error messages. Also change can't -> cannot.
Standard English uses "may", "can", and "might" in different ways:
may - permission, "You may borrow my rake."
can - ability, "I can lift that log."
might - possibility, "It might rain today."
Unfortunately, in conversational English, their use is often mixed, as
in, "You may use this variable to do X", when in fact, "can" is a better
choice. Similarly, "It may crash" is better stated, "It might crash".
2007-02-01 20:10:30 +01:00
|
|
|
HINT: Only superusers can use untrusted languages.
|
2002-02-19 00:11:58 +01:00
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
GRANT USAGE ON LANGUAGE sql TO regressuser2; -- fail
|
2006-01-21 03:16:21 +01:00
|
|
|
WARNING: no privileges were granted for "sql"
|
2002-02-19 00:11:58 +01:00
|
|
|
CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql;
|
|
|
|
|
CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
|
2002-09-25 01:14:25 +02:00
|
|
|
REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int) FROM PUBLIC;
|
2002-02-19 00:11:58 +01:00
|
|
|
GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int) TO regressuser2;
|
|
|
|
|
GRANT USAGE ON FUNCTION testfunc1(int) TO regressuser3; -- semantic error
|
2003-07-21 03:59:11 +02:00
|
|
|
ERROR: invalid privilege type USAGE for function
|
2002-02-19 00:11:58 +01:00
|
|
|
GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regressuser4;
|
|
|
|
|
GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regressuser4;
|
2003-07-04 04:51:34 +02:00
|
|
|
ERROR: function testfunc_nosuch(integer) does not exist
|
2002-05-18 15:48:01 +02:00
|
|
|
CREATE FUNCTION testfunc4(boolean) RETURNS text
|
|
|
|
|
AS 'select col1 from atest2 where col2 = $1;'
|
|
|
|
|
LANGUAGE sql SECURITY DEFINER;
|
|
|
|
|
GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regressuser3;
|
2002-02-19 00:11:58 +01:00
|
|
|
SET SESSION AUTHORIZATION regressuser2;
|
|
|
|
|
SELECT testfunc1(5), testfunc2(5); -- ok
|
|
|
|
|
testfunc1 | testfunc2
|
|
|
|
|
-----------+-----------
|
|
|
|
|
10 | 15
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for language sql
|
2002-02-19 00:11:58 +01:00
|
|
|
SET SESSION AUTHORIZATION regressuser3;
|
|
|
|
|
SELECT testfunc1(5); -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for function testfunc1
|
2002-05-18 15:48:01 +02:00
|
|
|
SELECT col1 FROM atest2 WHERE col2 = true; -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: permission denied for relation atest2
|
2002-05-18 15:48:01 +02:00
|
|
|
SELECT testfunc4(true); -- ok
|
|
|
|
|
testfunc4
|
|
|
|
|
-----------
|
|
|
|
|
bar
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2002-02-19 00:11:58 +01:00
|
|
|
SET SESSION AUTHORIZATION regressuser4;
|
|
|
|
|
SELECT testfunc1(5); -- ok
|
|
|
|
|
testfunc1
|
|
|
|
|
-----------
|
|
|
|
|
10
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
DROP FUNCTION testfunc1(int); -- fail
|
2003-08-01 02:15:26 +02:00
|
|
|
ERROR: must be owner of function testfunc1
|
2002-02-19 00:11:58 +01:00
|
|
|
\c -
|
|
|
|
|
DROP FUNCTION testfunc1(int); -- ok
|
|
|
|
|
-- restore to sanity
|
|
|
|
|
GRANT ALL PRIVILEGES ON LANGUAGE sql TO PUBLIC;
|
2008-09-08 02:47:41 +02:00
|
|
|
-- truncate
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser5;
|
|
|
|
|
TRUNCATE atest2; -- ok
|
|
|
|
|
TRUNCATE atest3; -- fail
|
|
|
|
|
ERROR: permission denied for relation atest3
|
2001-06-14 03:09:22 +02:00
|
|
|
-- has_table_privilege function
|
|
|
|
|
-- bad-input checks
|
2005-06-28 07:09:14 +02:00
|
|
|
select has_table_privilege(NULL,'pg_authid','select');
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege('pg_shad','select');
|
2003-07-21 03:59:11 +02:00
|
|
|
ERROR: relation "pg_shad" does not exist
|
2005-06-28 07:09:14 +02:00
|
|
|
select has_table_privilege('nosuchuser','pg_authid','select');
|
|
|
|
|
ERROR: role "nosuchuser" does not exist
|
|
|
|
|
select has_table_privilege('pg_authid','sel');
|
2003-07-27 06:53:12 +02:00
|
|
|
ERROR: unrecognized privilege type: "sel"
|
2005-06-28 07:09:14 +02:00
|
|
|
select has_table_privilege(-999999,'pg_authid','update');
|
|
|
|
|
ERROR: role with OID 4293967297 does not exist
|
2006-09-05 23:08:36 +02:00
|
|
|
select has_table_privilege(1,'select');
|
2008-12-15 19:09:41 +01:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2001-06-14 03:09:22 +02:00
|
|
|
-- superuser
|
2002-02-19 00:11:58 +01:00
|
|
|
\c -
|
2005-06-28 07:09:14 +02:00
|
|
|
select has_table_privilege(current_user,'pg_authid','select');
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
select has_table_privilege(current_user,'pg_authid','insert');
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,'pg_authid','update')
|
|
|
|
|
from (select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,'pg_authid','delete')
|
|
|
|
|
from (select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2006-09-05 23:08:36 +02:00
|
|
|
-- 'rule' privilege no longer exists, but for backwards compatibility
|
|
|
|
|
-- has_table_privilege still recognizes the keyword and says FALSE
|
2001-06-14 03:09:22 +02:00
|
|
|
select has_table_privilege(current_user,t1.oid,'rule')
|
2005-06-28 07:09:14 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_authid') as t1;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
2006-09-05 23:08:36 +02:00
|
|
|
f
|
2001-06-14 03:09:22 +02:00
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(current_user,t1.oid,'references')
|
2005-06-28 07:09:14 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_authid') as t1;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,t1.oid,'select')
|
2005-06-28 07:09:14 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_authid') as t1,
|
2005-08-15 04:40:36 +02:00
|
|
|
(select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,t1.oid,'insert')
|
2005-06-28 07:09:14 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_authid') as t1,
|
2005-08-15 04:40:36 +02:00
|
|
|
(select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
select has_table_privilege('pg_authid','update');
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
select has_table_privilege('pg_authid','delete');
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2008-09-08 02:47:41 +02:00
|
|
|
select has_table_privilege('pg_authid','truncate');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2001-06-14 03:09:22 +02:00
|
|
|
select has_table_privilege(t1.oid,'select')
|
2005-06-28 07:09:14 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_authid') as t1;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(t1.oid,'trigger')
|
2005-06-28 07:09:14 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_authid') as t1;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
-- non-superuser
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser3;
|
|
|
|
|
select has_table_privilege(current_user,'pg_class','select');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(current_user,'pg_class','insert');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,'pg_class','update')
|
|
|
|
|
from (select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,'pg_class','delete')
|
|
|
|
|
from (select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(current_user,t1.oid,'references')
|
|
|
|
|
from (select oid from pg_class where relname = 'pg_class') as t1;
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,t1.oid,'select')
|
2001-06-14 03:09:22 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_class') as t1,
|
2005-08-15 04:40:36 +02:00
|
|
|
(select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,t1.oid,'insert')
|
2001-06-14 03:09:22 +02:00
|
|
|
from (select oid from pg_class where relname = 'pg_class') as t1,
|
2005-08-15 04:40:36 +02:00
|
|
|
(select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege('pg_class','update');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege('pg_class','delete');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2008-09-08 02:47:41 +02:00
|
|
|
select has_table_privilege('pg_class','truncate');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2001-06-14 03:09:22 +02:00
|
|
|
select has_table_privilege(t1.oid,'select')
|
|
|
|
|
from (select oid from pg_class where relname = 'pg_class') as t1;
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(t1.oid,'trigger')
|
|
|
|
|
from (select oid from pg_class where relname = 'pg_class') as t1;
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(current_user,'atest1','select');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(current_user,'atest1','insert');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,'atest1','update')
|
|
|
|
|
from (select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,'atest1','delete')
|
|
|
|
|
from (select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(current_user,t1.oid,'references')
|
|
|
|
|
from (select oid from pg_class where relname = 'atest1') as t1;
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,t1.oid,'select')
|
2001-06-14 03:09:22 +02:00
|
|
|
from (select oid from pg_class where relname = 'atest1') as t1,
|
2005-08-15 04:40:36 +02:00
|
|
|
(select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2005-08-15 04:40:36 +02:00
|
|
|
select has_table_privilege(t2.oid,t1.oid,'insert')
|
2001-06-14 03:09:22 +02:00
|
|
|
from (select oid from pg_class where relname = 'atest1') as t1,
|
2005-08-15 04:40:36 +02:00
|
|
|
(select oid from pg_roles where rolname = current_user) as t2;
|
2001-06-14 03:09:22 +02:00
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege('atest1','update');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege('atest1','delete');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2008-09-08 02:47:41 +02:00
|
|
|
select has_table_privilege('atest1','truncate');
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2001-06-14 03:09:22 +02:00
|
|
|
select has_table_privilege(t1.oid,'select')
|
|
|
|
|
from (select oid from pg_class where relname = 'atest1') as t1;
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
select has_table_privilege(t1.oid,'trigger')
|
|
|
|
|
from (select oid from pg_class where relname = 'atest1') as t1;
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2003-01-24 00:39:07 +01:00
|
|
|
-- Grant options
|
|
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
CREATE TABLE atest4 (a int);
|
|
|
|
|
GRANT SELECT ON atest4 TO regressuser2 WITH GRANT OPTION;
|
|
|
|
|
GRANT UPDATE ON atest4 TO regressuser2;
|
2005-06-28 07:09:14 +02:00
|
|
|
GRANT SELECT ON atest4 TO GROUP regressgroup1 WITH GRANT OPTION;
|
2003-01-24 00:39:07 +01:00
|
|
|
SET SESSION AUTHORIZATION regressuser2;
|
|
|
|
|
GRANT SELECT ON atest4 TO regressuser3;
|
|
|
|
|
GRANT UPDATE ON atest4 TO regressuser3; -- fail
|
2006-01-21 03:16:21 +01:00
|
|
|
WARNING: no privileges were granted for "atest4"
|
2003-01-24 00:39:07 +01:00
|
|
|
SET SESSION AUTHORIZATION regressuser1;
|
|
|
|
|
REVOKE SELECT ON atest4 FROM regressuser3; -- does nothing
|
|
|
|
|
SELECT has_table_privilege('regressuser3', 'atest4', 'SELECT'); -- true
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
REVOKE SELECT ON atest4 FROM regressuser2; -- fail
|
2003-07-27 06:53:12 +02:00
|
|
|
ERROR: dependent privileges exist
|
|
|
|
|
HINT: Use CASCADE to revoke them too.
|
2003-01-24 00:39:07 +01:00
|
|
|
REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regressuser2 CASCADE; -- ok
|
|
|
|
|
SELECT has_table_privilege('regressuser2', 'atest4', 'SELECT'); -- true
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
SELECT has_table_privilege('regressuser3', 'atest4', 'SELECT'); -- false
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
f
|
|
|
|
|
(1 row)
|
|
|
|
|
|
|
|
|
|
SELECT has_table_privilege('regressuser1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
|
|
|
|
|
has_table_privilege
|
|
|
|
|
---------------------
|
|
|
|
|
t
|
|
|
|
|
(1 row)
|
|
|
|
|
|
2001-05-27 11:59:30 +02:00
|
|
|
-- clean up
|
2008-07-03 18:01:10 +02:00
|
|
|
\c
|
2002-05-18 15:48:01 +02:00
|
|
|
DROP FUNCTION testfunc2(int);
|
|
|
|
|
DROP FUNCTION testfunc4(boolean);
|
2001-05-27 11:59:30 +02:00
|
|
|
DROP VIEW atestv1;
|
|
|
|
|
DROP VIEW atestv2;
|
2002-07-16 07:53:34 +02:00
|
|
|
-- this should cascade to drop atestv4
|
|
|
|
|
DROP VIEW atestv3 CASCADE;
|
2003-07-21 03:59:11 +02:00
|
|
|
NOTICE: drop cascades to view atestv4
|
2002-07-16 07:53:34 +02:00
|
|
|
-- this should complain "does not exist"
|
2002-05-19 17:13:20 +02:00
|
|
|
DROP VIEW atestv4;
|
2002-07-16 07:53:34 +02:00
|
|
|
ERROR: view "atestv4" does not exist
|
|
|
|
|
DROP TABLE atest1;
|
|
|
|
|
DROP TABLE atest2;
|
|
|
|
|
DROP TABLE atest3;
|
2003-01-24 00:39:07 +01:00
|
|
|
DROP TABLE atest4;
|
2009-01-22 21:16:10 +01:00
|
|
|
DROP TABLE atest5;
|
|
|
|
|
DROP TABLE atest6;
|
2001-05-27 11:59:30 +02:00
|
|
|
DROP GROUP regressgroup1;
|
|
|
|
|
DROP GROUP regressgroup2;
|
2005-07-07 22:40:02 +02:00
|
|
|
REVOKE USAGE ON LANGUAGE sql FROM regressuser1;
|
2001-05-27 11:59:30 +02:00
|
|
|
DROP USER regressuser1;
|
|
|
|
|
DROP USER regressuser2;
|
|
|
|
|
DROP USER regressuser3;
|
|
|
|
|
DROP USER regressuser4;
|
2008-09-08 02:47:41 +02:00
|
|
|
DROP USER regressuser5;
|
