Avoid permission failure in pg_sequences.last_value

Before, reading pg_sequences.last_value would fail unless the user had appropriate sequence permissions, which would make the pg_sequences view cumbersome to use. Instead, return null instead of the real value when there are no permissions. From: Michael Paquier <michael.paquier@gmail.com> Reported-by: Shinoda, Noriyoshi <noriyoshi.shinoda@hpe.com>
2017-02-06 15:17:27 -05:00 · 2017-02-06 15:17:27 -05:00 · ab82340a43
parent ad6af3fc42
commit ab82340a43
3 changed files with 13 additions and 3 deletions
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@ -9882,7 +9882,10 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
      <entry></entry>
      <entry>The last sequence value written to disk.  If caching is used,
       this value can be greater than the last value handed out from the
-       sequence.  Null if the sequence has not been read from yet.</entry>
+       sequence.  Null if the sequence has not been read from yet.  Also, if
+       the current user does not have <literal>USAGE</literal>
+       or <literal>SELECT</literal> privilege on the sequence, the value is
+       null.</entry>
     </row>
    </tbody>
   </tgroup>
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@ -175,7 +175,11 @@ CREATE OR REPLACE VIEW pg_sequences AS
        S.seqincrement AS increment_by,
        S.seqcycle AS cycle,
        S.seqcache AS cache_size,
-        pg_sequence_last_value(C.oid) AS last_value
+        CASE
+            WHEN has_sequence_privilege(C.oid, 'SELECT,USAGE'::text)
+                THEN pg_sequence_last_value(C.oid)
+            ELSE NULL
+        END AS last_value
    FROM pg_sequence S JOIN pg_class C ON (C.oid = S.seqrelid)
         LEFT JOIN pg_namespace N ON (N.oid = C.relnamespace)
    WHERE NOT pg_is_other_temp_schema(N.oid)
--- a/src/test/regress/expected/rules.out
+++ b/src/test/regress/expected/rules.out
@ -1647,7 +1647,10 @@ pg_sequences| SELECT n.nspname AS schemaname,
    s.seqincrement AS increment_by,
    s.seqcycle AS cycle,
    s.seqcache AS cache_size,
-    pg_sequence_last_value((c.oid)::regclass) AS last_value
+        CASE
+            WHEN has_sequence_privilege(c.oid, 'SELECT,USAGE'::text) THEN pg_sequence_last_value((c.oid)::regclass)
+            ELSE NULL::bigint
+        END AS last_value
   FROM ((pg_sequence s
     JOIN pg_class c ON ((c.oid = s.seqrelid)))
     LEFT JOIN pg_namespace n ON ((n.oid = c.relnamespace)))