From fb7db40ad26c3384f81d471442743076ade3f82a Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 15 Mar 2018 14:00:31 -0400 Subject: [PATCH] Clean up duplicate role and schema names in regression tests. Since these names are global, using the same ones in different regression tests creates a hazard of test failures if any two such scripts run concurrently. Let's establish a policy of not doing that. In the cases where a conflict existed, I chose to rename both sides: in principle one script or the other could've been left in possession of the common name, but that seems to just invite more trouble of the same sort. There are a number of places where scripts are using names that seem unduly generic, but in the absence of actual conflicts I left them alone. In addition, fix insert.sql's use of "someone_else" as a role name. That's a flat out violation of longstanding project policy, so back-patch that change to v10 where the usage appeared. The rest of this is just future-proofing, as no two of these scripts are actually run concurrently in the existing parallel_schedule. Conflicts of schema-qualified names also exist, but will be dealt with separately. Discussion: https://postgr.es/m/4627.1521070268@sss.pgh.pa.us --- src/test/regress/expected/alter_generic.out | 306 ++++----- src/test/regress/expected/alter_table.out | 10 +- .../regress/expected/create_procedure.out | 12 +- src/test/regress/expected/create_view.out | 2 +- src/test/regress/expected/identity.out | 8 +- src/test/regress/expected/insert.out | 18 +- src/test/regress/expected/namespace.out | 36 +- src/test/regress/expected/privileges.out | 590 +++++++++--------- src/test/regress/expected/rolenames.out | 4 +- src/test/regress/sql/alter_generic.sql | 158 ++--- src/test/regress/sql/alter_table.sql | 10 +- src/test/regress/sql/create_procedure.sql | 12 +- src/test/regress/sql/create_view.sql | 2 +- src/test/regress/sql/identity.sql | 8 +- src/test/regress/sql/insert.sql | 18 +- src/test/regress/sql/namespace.sql | 28 +- src/test/regress/sql/privileges.sql | 492 +++++++-------- src/test/regress/sql/rolenames.sql | 4 +- 18 files changed, 859 insertions(+), 859 deletions(-) diff --git a/src/test/regress/expected/alter_generic.out b/src/test/regress/expected/alter_generic.out index 3e40df1bd8..f24a17f40e 100644 --- a/src/test/regress/expected/alter_generic.out +++ b/src/test/regress/expected/alter_generic.out @@ -3,13 +3,13 @@ -- -- Clean up in case a prior regression run failed SET client_min_messages TO 'warning'; -DROP ROLE IF EXISTS regress_alter_user1; -DROP ROLE IF EXISTS regress_alter_user2; -DROP ROLE IF EXISTS regress_alter_user3; +DROP ROLE IF EXISTS regress_alter_generic_user1; +DROP ROLE IF EXISTS regress_alter_generic_user2; +DROP ROLE IF EXISTS regress_alter_generic_user3; RESET client_min_messages; -CREATE USER regress_alter_user3; -CREATE USER regress_alter_user2; -CREATE USER regress_alter_user1 IN ROLE regress_alter_user3; +CREATE USER regress_alter_generic_user3; +CREATE USER regress_alter_generic_user2; +CREATE USER regress_alter_generic_user1 IN ROLE regress_alter_generic_user3; CREATE SCHEMA alt_nsp1; CREATE SCHEMA alt_nsp2; GRANT ALL ON SCHEMA alt_nsp1, alt_nsp2 TO public; @@ -17,7 +17,7 @@ SET search_path = alt_nsp1, public; -- -- Function and Aggregate -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql AS 'SELECT $1 + 1'; CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql @@ -30,26 +30,26 @@ CREATE AGGREGATE alt_agg2 ( ); ALTER AGGREGATE alt_func1(int) RENAME TO alt_func3; -- failed (not aggregate) ERROR: function alt_func1(integer) is not an aggregate -ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_user3; -- failed (not aggregate) +ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_generic_user3; -- failed (not aggregate) ERROR: function alt_func1(integer) is not an aggregate ALTER AGGREGATE alt_func1(int) SET SCHEMA alt_nsp2; -- failed (not aggregate) ERROR: function alt_func1(integer) is not an aggregate ALTER FUNCTION alt_func1(int) RENAME TO alt_func2; -- failed (name conflict) ERROR: function alt_func2(integer) already exists in schema "alt_nsp1" ALTER FUNCTION alt_func1(int) RENAME TO alt_func3; -- OK -ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- OK +ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- OK ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp1; -- OK, already there ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- OK ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg2; -- failed (name conflict) ERROR: function alt_agg2(integer) already exists in schema "alt_nsp1" ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg3; -- OK -ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- OK +ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- OK ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql AS 'SELECT $1 + 2'; CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql @@ -63,10 +63,10 @@ CREATE AGGREGATE alt_agg2 ( ALTER FUNCTION alt_func3(int) RENAME TO alt_func4; -- failed (not owner) ERROR: must be owner of function alt_func3 ALTER FUNCTION alt_func1(int) RENAME TO alt_func4; -- OK -ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_user2; -- failed (not owner) +ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of function alt_func3 -ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER FUNCTION alt_func3(int) SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of function alt_func3 ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- failed (name conflicts) @@ -74,10 +74,10 @@ ERROR: function alt_func2(integer) already exists in schema "alt_nsp2" ALTER AGGREGATE alt_agg3(int) RENAME TO alt_agg4; -- failed (not owner) ERROR: must be owner of function alt_agg3 ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg4; -- OK -ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_user2; -- failed (not owner) +ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of function alt_agg3 -ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER AGGREGATE alt_agg3(int) SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of function alt_agg3 ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -88,16 +88,16 @@ SELECT n.nspname, proname, prorettype::regtype, prokind, a.rolname WHERE p.pronamespace = n.oid AND p.proowner = a.oid AND n.nspname IN ('alt_nsp1', 'alt_nsp2') ORDER BY nspname, proname; - nspname | proname | prorettype | prokind | rolname -----------+-----------+------------+---------+--------------------- - alt_nsp1 | alt_agg2 | integer | a | regress_alter_user2 - alt_nsp1 | alt_agg3 | integer | a | regress_alter_user1 - alt_nsp1 | alt_agg4 | integer | a | regress_alter_user2 - alt_nsp1 | alt_func2 | integer | f | regress_alter_user2 - alt_nsp1 | alt_func3 | integer | f | regress_alter_user1 - alt_nsp1 | alt_func4 | integer | f | regress_alter_user2 - alt_nsp2 | alt_agg2 | integer | a | regress_alter_user3 - alt_nsp2 | alt_func2 | integer | f | regress_alter_user3 + nspname | proname | prorettype | prokind | rolname +----------+-----------+------------+---------+----------------------------- + alt_nsp1 | alt_agg2 | integer | a | regress_alter_generic_user2 + alt_nsp1 | alt_agg3 | integer | a | regress_alter_generic_user1 + alt_nsp1 | alt_agg4 | integer | a | regress_alter_generic_user2 + alt_nsp1 | alt_func2 | integer | f | regress_alter_generic_user2 + alt_nsp1 | alt_func3 | integer | f | regress_alter_generic_user1 + alt_nsp1 | alt_func4 | integer | f | regress_alter_generic_user2 + alt_nsp2 | alt_agg2 | integer | a | regress_alter_generic_user3 + alt_nsp2 | alt_func2 | integer | f | regress_alter_generic_user3 (8 rows) -- @@ -107,26 +107,26 @@ SELECT n.nspname, proname, prorettype::regtype, prokind, a.rolname -- -- Conversion -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; ALTER CONVERSION alt_conv1 RENAME TO alt_conv2; -- failed (name conflict) ERROR: conversion "alt_conv2" already exists in schema "alt_nsp1" ALTER CONVERSION alt_conv1 RENAME TO alt_conv3; -- OK -ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- OK +ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- OK ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; ALTER CONVERSION alt_conv3 RENAME TO alt_conv4; -- failed (not owner) ERROR: must be owner of conversion alt_conv3 ALTER CONVERSION alt_conv1 RENAME TO alt_conv4; -- OK -ALTER CONVERSION alt_conv3 OWNER TO regress_alter_user2; -- failed (not owner) +ALTER CONVERSION alt_conv3 OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of conversion alt_conv3 -ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER CONVERSION alt_conv3 SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of conversion alt_conv3 ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -137,12 +137,12 @@ SELECT n.nspname, c.conname, a.rolname WHERE c.connamespace = n.oid AND c.conowner = a.oid AND n.nspname IN ('alt_nsp1', 'alt_nsp2') ORDER BY nspname, conname; - nspname | conname | rolname -----------+-----------+--------------------- - alt_nsp1 | alt_conv2 | regress_alter_user2 - alt_nsp1 | alt_conv3 | regress_alter_user1 - alt_nsp1 | alt_conv4 | regress_alter_user2 - alt_nsp2 | alt_conv2 | regress_alter_user3 + nspname | conname | rolname +----------+-----------+----------------------------- + alt_nsp1 | alt_conv2 | regress_alter_generic_user2 + alt_nsp1 | alt_conv3 | regress_alter_generic_user1 + alt_nsp1 | alt_conv4 | regress_alter_generic_user2 + alt_nsp2 | alt_conv2 | regress_alter_generic_user3 (4 rows) -- @@ -177,46 +177,46 @@ SELECT srvname FROM pg_foreign_server WHERE srvname like 'alt_fserv%'; -- CREATE LANGUAGE alt_lang1 HANDLER plpgsql_call_handler; CREATE LANGUAGE alt_lang2 HANDLER plpgsql_call_handler; -ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_user1; -- OK -ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user2; -- OK -SET SESSION AUTHORIZATION regress_alter_user1; +ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_generic_user1; -- OK +ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user2; -- OK +SET SESSION AUTHORIZATION regress_alter_generic_user1; ALTER LANGUAGE alt_lang1 RENAME TO alt_lang2; -- failed (name conflict) ERROR: language "alt_lang2" already exists ALTER LANGUAGE alt_lang2 RENAME TO alt_lang3; -- failed (not owner) ERROR: must be owner of language alt_lang2 ALTER LANGUAGE alt_lang1 RENAME TO alt_lang3; -- OK -ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user3; -- failed (not owner) +ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user3; -- failed (not owner) ERROR: must be owner of language alt_lang2 -ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user3; -- OK +ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user3; -- OK RESET SESSION AUTHORIZATION; SELECT lanname, a.rolname FROM pg_language l, pg_authid a WHERE l.lanowner = a.oid AND l.lanname like 'alt_lang%' ORDER BY lanname; - lanname | rolname ------------+--------------------- - alt_lang2 | regress_alter_user2 - alt_lang3 | regress_alter_user3 + lanname | rolname +-----------+----------------------------- + alt_lang2 | regress_alter_generic_user2 + alt_lang3 | regress_alter_generic_user3 (2 rows) -- -- Operator -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi ); CREATE OPERATOR @+@ ( leftarg = int4, rightarg = int4, procedure = int4pl ); -ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user3; -- OK +ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user3; -- OK ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi ); -ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (not owner) +ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of operator @+@ -ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER OPERATOR @+@(int4, int4) SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of operator @+@ -- can't test this: the error message includes the raw oid of namespace @@ -228,11 +228,11 @@ SELECT n.nspname, oprname, a.rolname, WHERE o.oprnamespace = n.oid AND o.oprowner = a.oid AND n.nspname IN ('alt_nsp1', 'alt_nsp2') ORDER BY nspname, oprname; - nspname | oprname | rolname | oprleft | oprright | oprcode -----------+---------+---------------------+---------+----------+--------- - alt_nsp1 | @+@ | regress_alter_user3 | integer | integer | int4pl - alt_nsp1 | @-@ | regress_alter_user2 | integer | integer | int4mi - alt_nsp2 | @-@ | regress_alter_user1 | integer | integer | int4mi + nspname | oprname | rolname | oprleft | oprright | oprcode +----------+---------+-----------------------------+---------+----------+--------- + alt_nsp1 | @+@ | regress_alter_generic_user3 | integer | integer | int4pl + alt_nsp1 | @-@ | regress_alter_generic_user2 | integer | integer | int4mi + alt_nsp2 | @-@ | regress_alter_generic_user1 | integer | integer | int4mi (3 rows) -- @@ -240,44 +240,44 @@ SELECT n.nspname, oprname, a.rolname, -- CREATE OPERATOR FAMILY alt_opf1 USING hash; CREATE OPERATOR FAMILY alt_opf2 USING hash; -ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user1; -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user1; +ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user1; +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user1; CREATE OPERATOR CLASS alt_opc1 FOR TYPE uuid USING hash AS STORAGE uuid; CREATE OPERATOR CLASS alt_opc2 FOR TYPE uuid USING hash AS STORAGE uuid; -ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user1; -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user1; -SET SESSION AUTHORIZATION regress_alter_user1; +ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user1; +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf2; -- failed (name conflict) ERROR: operator family "alt_opf2" for access method "hash" already exists in schema "alt_nsp1" ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf3; -- OK -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- OK +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- OK ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- OK ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc2; -- failed (name conflict) ERROR: operator class "alt_opc2" for access method "hash" already exists in schema "alt_nsp1" ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc3; -- OK -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- OK +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- OK ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- OK RESET SESSION AUTHORIZATION; CREATE OPERATOR FAMILY alt_opf1 USING hash; CREATE OPERATOR FAMILY alt_opf2 USING hash; -ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user2; -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; +ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user2; +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; CREATE OPERATOR CLASS alt_opc1 FOR TYPE macaddr USING hash AS STORAGE macaddr; CREATE OPERATOR CLASS alt_opc2 FOR TYPE macaddr USING hash AS STORAGE macaddr; -ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user2; -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; -SET SESSION AUTHORIZATION regress_alter_user2; +ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user2; +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; ALTER OPERATOR FAMILY alt_opf3 USING hash RENAME TO alt_opf4; -- failed (not owner) ERROR: must be owner of operator family alt_opf3 ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf4; -- OK -ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_user2; -- failed (not owner) +ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of operator family alt_opf3 -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER OPERATOR FAMILY alt_opf3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of operator family alt_opf3 ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -285,10 +285,10 @@ ERROR: operator family "alt_opf2" for access method "hash" already exists in sc ALTER OPERATOR CLASS alt_opc3 USING hash RENAME TO alt_opc4; -- failed (not owner) ERROR: must be owner of operator class alt_opc3 ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc4; -- OK -ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_user2; -- failed (not owner) +ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of operator class alt_opc3 -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER OPERATOR CLASS alt_opc3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of operator class alt_opc3 ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -300,12 +300,12 @@ SELECT nspname, opfname, amname, rolname AND n.nspname IN ('alt_nsp1', 'alt_nsp2') AND NOT opfname LIKE 'alt_opc%' ORDER BY nspname, opfname; - nspname | opfname | amname | rolname -----------+----------+--------+--------------------- - alt_nsp1 | alt_opf2 | hash | regress_alter_user2 - alt_nsp1 | alt_opf3 | hash | regress_alter_user1 - alt_nsp1 | alt_opf4 | hash | regress_alter_user2 - alt_nsp2 | alt_opf2 | hash | regress_alter_user3 + nspname | opfname | amname | rolname +----------+----------+--------+----------------------------- + alt_nsp1 | alt_opf2 | hash | regress_alter_generic_user2 + alt_nsp1 | alt_opf3 | hash | regress_alter_generic_user1 + alt_nsp1 | alt_opf4 | hash | regress_alter_generic_user2 + alt_nsp2 | alt_opf2 | hash | regress_alter_generic_user3 (4 rows) SELECT nspname, opcname, amname, rolname @@ -313,12 +313,12 @@ SELECT nspname, opcname, amname, rolname WHERE o.opcmethod = m.oid AND o.opcnamespace = n.oid AND o.opcowner = a.oid AND n.nspname IN ('alt_nsp1', 'alt_nsp2') ORDER BY nspname, opcname; - nspname | opcname | amname | rolname -----------+----------+--------+--------------------- - alt_nsp1 | alt_opc2 | hash | regress_alter_user2 - alt_nsp1 | alt_opc3 | hash | regress_alter_user1 - alt_nsp1 | alt_opc4 | hash | regress_alter_user2 - alt_nsp2 | alt_opc2 | hash | regress_alter_user3 + nspname | opcname | amname | rolname +----------+----------+--------+----------------------------- + alt_nsp1 | alt_opc2 | hash | regress_alter_generic_user2 + alt_nsp1 | alt_opc3 | hash | regress_alter_generic_user1 + alt_nsp1 | alt_opc4 | hash | regress_alter_generic_user2 + alt_nsp2 | alt_opc2 | hash | regress_alter_generic_user3 (4 rows) -- ALTER OPERATOR FAMILY ... ADD/DROP @@ -362,9 +362,9 @@ ERROR: STORAGE cannot be specified in ALTER OPERATOR FAMILY DROP OPERATOR FAMILY alt_opf4 USING btree; -- Should fail. Need to be SUPERUSER to do ALTER OPERATOR FAMILY .. ADD / DROP BEGIN TRANSACTION; -CREATE ROLE regress_alter_user5 NOSUPERUSER; +CREATE ROLE regress_alter_generic_user5 NOSUPERUSER; CREATE OPERATOR FAMILY alt_opf5 USING btree; -SET ROLE regress_alter_user5; +SET ROLE regress_alter_generic_user5; ALTER OPERATOR FAMILY alt_opf5 USING btree ADD OPERATOR 1 < (int4, int2), FUNCTION 1 btint42cmp(int4, int2); ERROR: must be superuser to alter an operator family RESET ROLE; @@ -374,11 +374,11 @@ ERROR: current transaction is aborted, commands ignored until end of transactio ROLLBACK; -- Should fail. Need rights to namespace for ALTER OPERATOR FAMILY .. ADD / DROP BEGIN TRANSACTION; -CREATE ROLE regress_alter_user6; +CREATE ROLE regress_alter_generic_user6; CREATE SCHEMA alt_nsp6; -REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_user6; +REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_generic_user6; CREATE OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree; -SET ROLE regress_alter_user6; +SET ROLE regress_alter_generic_user6; ALTER OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree ADD OPERATOR 1 < (int4, int2); ERROR: permission denied for schema alt_nsp6 ROLLBACK; @@ -499,28 +499,28 @@ DROP OPERATOR FAMILY alt_opf18 USING btree; -- -- Statistics -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE TABLE alt_regress_1 (a INTEGER, b INTEGER); CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_1; CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_1; ALTER STATISTICS alt_stat1 RENAME TO alt_stat2; -- failed (name conflict) ERROR: statistics object "alt_stat2" already exists in schema "alt_nsp1" ALTER STATISTICS alt_stat1 RENAME TO alt_stat3; -- failed (name conflict) -ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- OK +ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- OK ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE TABLE alt_regress_2 (a INTEGER, b INTEGER); CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_2; CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_2; ALTER STATISTICS alt_stat3 RENAME TO alt_stat4; -- failed (not owner) ERROR: must be owner of statistics object alt_stat3 ALTER STATISTICS alt_stat1 RENAME TO alt_stat4; -- OK -ALTER STATISTICS alt_stat3 OWNER TO regress_alter_user2; -- failed (not owner) +ALTER STATISTICS alt_stat3 OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of statistics object alt_stat3 -ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER STATISTICS alt_stat3 SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of statistics object alt_stat3 ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -531,37 +531,37 @@ SELECT nspname, stxname, rolname WHERE s.stxnamespace = n.oid AND s.stxowner = a.oid AND n.nspname in ('alt_nsp1', 'alt_nsp2') ORDER BY nspname, stxname; - nspname | stxname | rolname -----------+-----------+--------------------- - alt_nsp1 | alt_stat2 | regress_alter_user2 - alt_nsp1 | alt_stat3 | regress_alter_user1 - alt_nsp1 | alt_stat4 | regress_alter_user2 - alt_nsp2 | alt_stat2 | regress_alter_user3 + nspname | stxname | rolname +----------+-----------+----------------------------- + alt_nsp1 | alt_stat2 | regress_alter_generic_user2 + alt_nsp1 | alt_stat3 | regress_alter_generic_user1 + alt_nsp1 | alt_stat4 | regress_alter_generic_user2 + alt_nsp2 | alt_stat2 | regress_alter_generic_user3 (4 rows) -- -- Text Search Dictionary -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple); CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple); ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict2; -- failed (name conflict) ERROR: text search dictionary "alt_ts_dict2" already exists in schema "alt_nsp1" ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict3; -- OK -ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- OK +ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- OK ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple); CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple); ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 RENAME TO alt_ts_dict4; -- failed (not owner) ERROR: must be owner of text search dictionary alt_ts_dict3 ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict4; -- OK -ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_user2; -- failed (not owner) +ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of text search dictionary alt_ts_dict3 -ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of text search dictionary alt_ts_dict3 ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -572,37 +572,37 @@ SELECT nspname, dictname, rolname WHERE t.dictnamespace = n.oid AND t.dictowner = a.oid AND n.nspname in ('alt_nsp1', 'alt_nsp2') ORDER BY nspname, dictname; - nspname | dictname | rolname -----------+--------------+--------------------- - alt_nsp1 | alt_ts_dict2 | regress_alter_user2 - alt_nsp1 | alt_ts_dict3 | regress_alter_user1 - alt_nsp1 | alt_ts_dict4 | regress_alter_user2 - alt_nsp2 | alt_ts_dict2 | regress_alter_user3 + nspname | dictname | rolname +----------+--------------+----------------------------- + alt_nsp1 | alt_ts_dict2 | regress_alter_generic_user2 + alt_nsp1 | alt_ts_dict3 | regress_alter_generic_user1 + alt_nsp1 | alt_ts_dict4 | regress_alter_generic_user2 + alt_nsp2 | alt_ts_dict2 | regress_alter_generic_user3 (4 rows) -- -- Text Search Configuration -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english); CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english); ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf2; -- failed (name conflict) ERROR: text search configuration "alt_ts_conf2" already exists in schema "alt_nsp1" ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf3; -- OK -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user2; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user2" -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- OK +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user2" +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- OK ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english); CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english); ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 RENAME TO alt_ts_conf4; -- failed (not owner) ERROR: must be owner of text search configuration alt_ts_conf3 ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf4; -- OK -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_user2; -- failed (not owner) +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_generic_user2; -- failed (not owner) ERROR: must be owner of text search configuration alt_ts_conf3 -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- failed (no role membership) -ERROR: must be member of role "regress_alter_user3" +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) +ERROR: must be member of role "regress_alter_generic_user3" ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 SET SCHEMA alt_nsp2; -- failed (not owner) ERROR: must be owner of text search configuration alt_ts_conf3 ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -613,12 +613,12 @@ SELECT nspname, cfgname, rolname WHERE t.cfgnamespace = n.oid AND t.cfgowner = a.oid AND n.nspname in ('alt_nsp1', 'alt_nsp2') ORDER BY nspname, cfgname; - nspname | cfgname | rolname -----------+--------------+--------------------- - alt_nsp1 | alt_ts_conf2 | regress_alter_user2 - alt_nsp1 | alt_ts_conf3 | regress_alter_user1 - alt_nsp1 | alt_ts_conf4 | regress_alter_user2 - alt_nsp2 | alt_ts_conf2 | regress_alter_user3 + nspname | cfgname | rolname +----------+--------------+----------------------------- + alt_nsp1 | alt_ts_conf2 | regress_alter_generic_user2 + alt_nsp1 | alt_ts_conf3 | regress_alter_generic_user1 + alt_nsp1 | alt_ts_conf4 | regress_alter_generic_user2 + alt_nsp2 | alt_ts_conf2 | regress_alter_generic_user3 (4 rows) -- @@ -690,6 +690,6 @@ DROP SCHEMA alt_nsp1 CASCADE; NOTICE: drop cascades to 28 other objects DROP SCHEMA alt_nsp2 CASCADE; NOTICE: drop cascades to 9 other objects -DROP USER regress_alter_user1; -DROP USER regress_alter_user2; -DROP USER regress_alter_user3; +DROP USER regress_alter_generic_user1; +DROP USER regress_alter_generic_user2; +DROP USER regress_alter_generic_user3; diff --git a/src/test/regress/expected/alter_table.out b/src/test/regress/expected/alter_table.out index 04838dfad1..f709c256ae 100644 --- a/src/test/regress/expected/alter_table.out +++ b/src/test/regress/expected/alter_table.out @@ -3,9 +3,9 @@ -- -- Clean up in case a prior regression run failed SET client_min_messages TO 'warning'; -DROP ROLE IF EXISTS regress_alter_user1; +DROP ROLE IF EXISTS regress_alter_table_user1; RESET client_min_messages; -CREATE USER regress_alter_user1; +CREATE USER regress_alter_table_user1; -- -- add attribute -- @@ -216,14 +216,14 @@ ALTER INDEX IF EXISTS __tmp_onek_unique1 RENAME TO onek_unique1; NOTICE: relation "__tmp_onek_unique1" does not exist, skipping ALTER INDEX onek_unique1 RENAME TO tmp_onek_unique1; ALTER INDEX tmp_onek_unique1 RENAME TO onek_unique1; -SET ROLE regress_alter_user1; +SET ROLE regress_alter_table_user1; ALTER INDEX onek_unique1 RENAME TO fail; -- permission denied ERROR: must be owner of index onek_unique1 RESET ROLE; -- renaming views CREATE VIEW tmp_view (unique1) AS SELECT unique1 FROM tenk1; ALTER TABLE tmp_view RENAME TO tmp_view_new; -SET ROLE regress_alter_user1; +SET ROLE regress_alter_table_user1; ALTER VIEW tmp_view_new RENAME TO fail; -- permission denied ERROR: must be owner of view tmp_view_new RESET ROLE; @@ -3890,4 +3890,4 @@ ALTER TABLE tmp ALTER COLUMN i SET (n_distinct = 1, n_distinct_inherited = 2); ALTER TABLE tmp ALTER COLUMN i RESET (n_distinct_inherited); ANALYZE tmp; DROP TABLE tmp; -DROP USER regress_alter_user1; +DROP USER regress_alter_table_user1; diff --git a/src/test/regress/expected/create_procedure.out b/src/test/regress/expected/create_procedure.out index 6ff7e4ba04..d4619db5cf 100644 --- a/src/test/regress/expected/create_procedure.out +++ b/src/test/regress/expected/create_procedure.out @@ -129,15 +129,15 @@ ERROR: testfunc1(integer) is not a procedure DROP PROCEDURE nonexistent(); ERROR: procedure nonexistent() does not exist -- privileges -CREATE USER regress_user1; -GRANT INSERT ON cp_test TO regress_user1; +CREATE USER regress_cp_user1; +GRANT INSERT ON cp_test TO regress_cp_user1; REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC; -SET ROLE regress_user1; +SET ROLE regress_cp_user1; CALL ptest1('a'); -- error ERROR: permission denied for procedure ptest1 RESET ROLE; -GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1; -SET ROLE regress_user1; +GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_cp_user1; +SET ROLE regress_cp_user1; CALL ptest1('a'); -- ok RESET ROLE; -- ROUTINE syntax @@ -150,4 +150,4 @@ DROP ROUTINE testfunc1(int); DROP PROCEDURE ptest1; DROP PROCEDURE ptest2; DROP TABLE cp_test; -DROP USER regress_user1; +DROP USER regress_cp_user1; diff --git a/src/test/regress/expected/create_view.out b/src/test/regress/expected/create_view.out index 4468c85d77..141fc6da62 100644 --- a/src/test/regress/expected/create_view.out +++ b/src/test/regress/expected/create_view.out @@ -83,7 +83,7 @@ CREATE VIEW temp_view_test.v3_temp AS SELECT * FROM temp_table; NOTICE: view "v3_temp" will be a temporary view ERROR: cannot create temporary relation in non-temporary schema -- should fail -CREATE SCHEMA test_schema +CREATE SCHEMA test_view_schema CREATE TEMP VIEW testview AS SELECT 1; ERROR: cannot create temporary relation in non-temporary schema -- joins: if any of the join relations are temporary, the view diff --git a/src/test/regress/expected/identity.out b/src/test/regress/expected/identity.out index 5536044d9f..d7d5178f5d 100644 --- a/src/test/regress/expected/identity.out +++ b/src/test/regress/expected/identity.out @@ -360,10 +360,10 @@ ALTER TABLE itest7 ALTER COLUMN a SET GENERATED BY DEFAULT; ALTER TABLE itest7 ALTER COLUMN a RESTART; ALTER TABLE itest7 ALTER COLUMN a DROP IDENTITY; -- privileges -CREATE USER regress_user1; +CREATE USER regress_identity_user1; CREATE TABLE itest8 (a int GENERATED ALWAYS AS IDENTITY, b text); -GRANT SELECT, INSERT ON itest8 TO regress_user1; -SET ROLE regress_user1; +GRANT SELECT, INSERT ON itest8 TO regress_identity_user1; +SET ROLE regress_identity_user1; INSERT INTO itest8 DEFAULT VALUES; SELECT * FROM itest8; a | b @@ -373,7 +373,7 @@ SELECT * FROM itest8; RESET ROLE; DROP TABLE itest8; -DROP USER regress_user1; +DROP USER regress_identity_user1; -- typed tables (currently not supported) CREATE TYPE itest_type AS (f1 integer, f2 text, f3 bigint); CREATE TABLE itest12 OF itest_type (f1 WITH OPTIONS GENERATED ALWAYS AS IDENTITY); -- error diff --git a/src/test/regress/expected/insert.out b/src/test/regress/expected/insert.out index dcbaad8e2f..2ca085e1ba 100644 --- a/src/test/regress/expected/insert.out +++ b/src/test/regress/expected/insert.out @@ -619,16 +619,16 @@ select tableoid::regclass, * from mlparted_def; -- appropriate key description (or none) in various situations create table key_desc (a int, b int) partition by list ((a+0)); create table key_desc_1 partition of key_desc for values in (1) partition by range (b); -create user someone_else; -grant select (a) on key_desc_1 to someone_else; -grant insert on key_desc to someone_else; -set role someone_else; +create user regress_insert_other_user; +grant select (a) on key_desc_1 to regress_insert_other_user; +grant insert on key_desc to regress_insert_other_user; +set role regress_insert_other_user; -- no key description is shown insert into key_desc values (1, 1); ERROR: no partition of relation "key_desc_1" found for row reset role; -grant select (b) on key_desc_1 to someone_else; -set role someone_else; +grant select (b) on key_desc_1 to regress_insert_other_user; +set role regress_insert_other_user; -- key description (b)=(1) is now shown insert into key_desc values (1, 1); ERROR: no partition of relation "key_desc_1" found for row @@ -637,9 +637,9 @@ DETAIL: Partition key of the failing row contains (b) = (1). insert into key_desc values (2, 1); ERROR: no partition of relation "key_desc" found for row reset role; -revoke all on key_desc from someone_else; -revoke all on key_desc_1 from someone_else; -drop role someone_else; +revoke all on key_desc from regress_insert_other_user; +revoke all on key_desc_1 from regress_insert_other_user; +drop role regress_insert_other_user; drop table key_desc, key_desc_1; -- test minvalue/maxvalue restrictions create table mcrparted (a int, b int, c int) partition by range (a, abs(b), c); diff --git a/src/test/regress/expected/namespace.out b/src/test/regress/expected/namespace.out index b0cdd65af3..2564d1b080 100644 --- a/src/test/regress/expected/namespace.out +++ b/src/test/regress/expected/namespace.out @@ -1,7 +1,7 @@ -- -- Regression tests for schemas (namespaces) -- -CREATE SCHEMA test_schema_1 +CREATE SCHEMA test_ns_schema_1 CREATE UNIQUE INDEX abc_a_idx ON abc (a) CREATE VIEW abc_view AS SELECT a+1 AS a, b+1 AS b FROM abc @@ -11,16 +11,16 @@ CREATE SCHEMA test_schema_1 ); -- verify that the objects were created SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1'); + (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1'); count ------- 5 (1 row) -INSERT INTO test_schema_1.abc DEFAULT VALUES; -INSERT INTO test_schema_1.abc DEFAULT VALUES; -INSERT INTO test_schema_1.abc DEFAULT VALUES; -SELECT * FROM test_schema_1.abc; +INSERT INTO test_ns_schema_1.abc DEFAULT VALUES; +INSERT INTO test_ns_schema_1.abc DEFAULT VALUES; +INSERT INTO test_ns_schema_1.abc DEFAULT VALUES; +SELECT * FROM test_ns_schema_1.abc; a | b ---+--- 1 | @@ -28,7 +28,7 @@ SELECT * FROM test_schema_1.abc; 3 | (3 rows) -SELECT * FROM test_schema_1.abc_view; +SELECT * FROM test_ns_schema_1.abc_view; a | b ---+--- 2 | @@ -36,20 +36,20 @@ SELECT * FROM test_schema_1.abc_view; 4 | (3 rows) -ALTER SCHEMA test_schema_1 RENAME TO test_schema_renamed; +ALTER SCHEMA test_ns_schema_1 RENAME TO test_ns_schema_renamed; SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1'); + (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1'); count ------- 0 (1 row) -- test IF NOT EXISTS cases -CREATE SCHEMA test_schema_renamed; -- fail, already exists -ERROR: schema "test_schema_renamed" already exists -CREATE SCHEMA IF NOT EXISTS test_schema_renamed; -- ok with notice -NOTICE: schema "test_schema_renamed" already exists, skipping -CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed +CREATE SCHEMA test_ns_schema_renamed; -- fail, already exists +ERROR: schema "test_ns_schema_renamed" already exists +CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed; -- ok with notice +NOTICE: schema "test_ns_schema_renamed" already exists, skipping +CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed -- fail, disallowed CREATE TABLE abc ( a serial, b int UNIQUE @@ -57,13 +57,13 @@ CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed ERROR: CREATE SCHEMA IF NOT EXISTS cannot include schema elements LINE 2: CREATE TABLE abc ( ^ -DROP SCHEMA test_schema_renamed CASCADE; +DROP SCHEMA test_ns_schema_renamed CASCADE; NOTICE: drop cascades to 2 other objects -DETAIL: drop cascades to table test_schema_renamed.abc -drop cascades to view test_schema_renamed.abc_view +DETAIL: drop cascades to table test_ns_schema_renamed.abc +drop cascades to view test_ns_schema_renamed.abc_view -- verify that the objects were dropped SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_renamed'); + (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_renamed'); count ------- 0 diff --git a/src/test/regress/expected/privileges.out b/src/test/regress/expected/privileges.out index cf53b37383..e41404b66a 100644 --- a/src/test/regress/expected/privileges.out +++ b/src/test/regress/expected/privileges.out @@ -4,14 +4,14 @@ -- Clean up in case a prior regression run failed -- Suppress NOTICE messages when users/groups don't exist SET client_min_messages TO 'warning'; -DROP ROLE IF EXISTS regress_group1; -DROP ROLE IF EXISTS regress_group2; -DROP ROLE IF EXISTS regress_user1; -DROP ROLE IF EXISTS regress_user2; -DROP ROLE IF EXISTS regress_user3; -DROP ROLE IF EXISTS regress_user4; -DROP ROLE IF EXISTS regress_user5; -DROP ROLE IF EXISTS regress_user6; +DROP ROLE IF EXISTS regress_priv_group1; +DROP ROLE IF EXISTS regress_priv_group2; +DROP ROLE IF EXISTS regress_priv_user1; +DROP ROLE IF EXISTS regress_priv_user2; +DROP ROLE IF EXISTS regress_priv_user3; +DROP ROLE IF EXISTS regress_priv_user4; +DROP ROLE IF EXISTS regress_priv_user5; +DROP ROLE IF EXISTS regress_priv_user6; SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid; lo_unlink ----------- @@ -19,26 +19,26 @@ SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3 RESET client_min_messages; -- test proper begins here -CREATE USER regress_user1; -CREATE USER regress_user2; -CREATE USER regress_user3; -CREATE USER regress_user4; -CREATE USER regress_user5; -CREATE USER regress_user5; -- duplicate -ERROR: role "regress_user5" already exists -CREATE GROUP regress_group1; -CREATE GROUP regress_group2 WITH USER regress_user1, regress_user2; -ALTER GROUP regress_group1 ADD USER regress_user4; -ALTER GROUP regress_group2 ADD USER regress_user2; -- duplicate -NOTICE: role "regress_user2" is already a member of role "regress_group2" -ALTER GROUP regress_group2 DROP USER regress_user2; -GRANT regress_group2 TO regress_user4 WITH ADMIN OPTION; +CREATE USER regress_priv_user1; +CREATE USER regress_priv_user2; +CREATE USER regress_priv_user3; +CREATE USER regress_priv_user4; +CREATE USER regress_priv_user5; +CREATE USER regress_priv_user5; -- duplicate +ERROR: role "regress_priv_user5" already exists +CREATE GROUP regress_priv_group1; +CREATE GROUP regress_priv_group2 WITH USER regress_priv_user1, regress_priv_user2; +ALTER GROUP regress_priv_group1 ADD USER regress_priv_user4; +ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2; -- duplicate +NOTICE: role "regress_priv_user2" is already a member of role "regress_priv_group2" +ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2; +GRANT regress_priv_group2 TO regress_priv_user4 WITH ADMIN OPTION; -- test owner privileges -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT session_user, current_user; - session_user | current_user ----------------+--------------- - regress_user1 | regress_user1 + session_user | current_user +--------------------+-------------------- + regress_priv_user1 | regress_priv_user1 (1 row) CREATE TABLE atest1 ( a int, b text ); @@ -60,23 +60,23 @@ SELECT * FROM atest1; ---+--- (0 rows) -GRANT ALL ON atest1 TO regress_user2; -GRANT SELECT ON atest1 TO regress_user3, regress_user4; +GRANT ALL ON atest1 TO regress_priv_user2; +GRANT SELECT ON atest1 TO regress_priv_user3, regress_priv_user4; SELECT * FROM atest1; a | b ---+--- (0 rows) CREATE TABLE atest2 (col1 varchar(10), col2 boolean); -GRANT SELECT ON atest2 TO regress_user2; -GRANT UPDATE ON atest2 TO regress_user3; -GRANT INSERT ON atest2 TO regress_user4; -GRANT TRUNCATE ON atest2 TO regress_user5; -SET SESSION AUTHORIZATION regress_user2; +GRANT SELECT ON atest2 TO regress_priv_user2; +GRANT UPDATE ON atest2 TO regress_priv_user3; +GRANT INSERT ON atest2 TO regress_priv_user4; +GRANT TRUNCATE ON atest2 TO regress_priv_user5; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT session_user, current_user; - session_user | current_user ----------------+--------------- - regress_user2 | regress_user2 + session_user | current_user +--------------------+-------------------- + regress_priv_user2 | regress_priv_user2 (1 row) -- try various combinations of queries on atest1 and atest2 @@ -129,11 +129,11 @@ SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) ); ------+------ (0 rows) -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; SELECT session_user, current_user; - session_user | current_user ----------------+--------------- - regress_user3 | regress_user3 + session_user | current_user +--------------------+-------------------- + regress_priv_user3 | regress_priv_user3 (1 row) SELECT * FROM atest1; -- ok @@ -175,7 +175,7 @@ SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) ); ERROR: permission denied for table atest2 SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) ); ERROR: permission denied for table atest2 -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; COPY atest2 FROM stdin; -- ok SELECT * FROM atest1; -- ok a | b @@ -185,8 +185,8 @@ SELECT * FROM atest1; -- ok (2 rows) -- test leaky-function protections in selfuncs --- regress_user1 will own a table and provide a view for it. -SET SESSION AUTHORIZATION regress_user1; +-- regress_priv_user1 will own a table and provide a view for it. +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atest12 as SELECT x AS a, 10001 - x AS b FROM generate_series(1,10000) x; CREATE INDEX ON atest12 (a); @@ -225,8 +225,8 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y Index Cond: (a = y.b) (5 rows) --- Check if regress_user2 can break security. -SET SESSION AUTHORIZATION regress_user2; +-- Check if regress_priv_user2 can break security. +SET SESSION AUTHORIZATION regress_priv_user2; CREATE FUNCTION leak2(integer,integer) RETURNS boolean AS $$begin raise notice 'leak % %', $1, $2; return $1 > $2; end$$ LANGUAGE plpgsql immutable; @@ -248,11 +248,11 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b; Filter: (b <<< 5) (7 rows) --- Now regress_user1 grants sufficient access to regress_user2. -SET SESSION AUTHORIZATION regress_user1; +-- Now regress_priv_user1 grants sufficient access to regress_priv_user2. +SET SESSION AUTHORIZATION regress_priv_user1; GRANT SELECT (a, b) ON atest12 TO PUBLIC; -SET SESSION AUTHORIZATION regress_user2; --- Now regress_user2 will also get a good row estimate. +SET SESSION AUTHORIZATION regress_priv_user2; +-- Now regress_priv_user2 will also get a good row estimate. EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b; QUERY PLAN ------------------------------------------------- @@ -278,19 +278,19 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y Filter: (abs(a) <<< 5) (6 rows) --- clean up (regress_user1's objects are all dropped later) +-- clean up (regress_priv_user1's objects are all dropped later) DROP FUNCTION leak2(integer, integer) CASCADE; NOTICE: drop cascades to operator >>>(integer,integer) -- groups -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; CREATE TABLE atest3 (one int, two int, three int); -GRANT DELETE ON atest3 TO GROUP regress_group2; -SET SESSION AUTHORIZATION regress_user1; +GRANT DELETE ON atest3 TO GROUP regress_priv_group2; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT * FROM atest3; -- fail ERROR: permission denied for table atest3 DELETE FROM atest3; -- ok -- views -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok /* The next *should* fail, but it's not implemented that way yet. */ CREATE VIEW atestv2 AS SELECT * FROM atest2; @@ -306,9 +306,9 @@ SELECT * FROM atestv1; -- ok SELECT * FROM atestv2; -- fail ERROR: permission denied for table atest2 -GRANT SELECT ON atestv1, atestv3 TO regress_user4; -GRANT SELECT ON atestv2 TO regress_user2; -SET SESSION AUTHORIZATION regress_user4; +GRANT SELECT ON atestv1, atestv3 TO regress_priv_user4; +GRANT SELECT ON atestv2 TO regress_priv_user2; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT * FROM atestv1; -- ok a | b ---+----- @@ -346,12 +346,12 @@ SELECT * FROM atestv4; -- ok -----+-----+------- (0 rows) -GRANT SELECT ON atestv4 TO regress_user2; -SET SESSION AUTHORIZATION regress_user2; +GRANT SELECT ON atestv4 TO regress_priv_user2; +SET SESSION AUTHORIZATION regress_priv_user2; -- Two complex cases: SELECT * FROM atestv3; -- fail ERROR: permission denied for view atestv3 -SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3) +SELECT * FROM atestv4; -- ok (even though regress_priv_user2 cannot access underlying atestv3) one | two | three -----+-----+------- (0 rows) @@ -362,16 +362,16 @@ SELECT * FROM atest2; -- ok bar | t (1 row) -SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2) +SELECT * FROM atestv2; -- fail (even though regress_priv_user2 can access underlying atest2) ERROR: permission denied for table atest2 -- Test column level permissions -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atest5 (one int, two int unique, three int, four int unique); CREATE TABLE atest6 (one int, two int, blue int); -GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_user4; -GRANT ALL (one) ON atest5 TO regress_user3; +GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user4; +GRANT ALL (one) ON atest5 TO regress_priv_user3; INSERT INTO atest5 VALUES (1,2,3); -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT * FROM atest5; -- fail ERROR: permission denied for table atest5 SELECT one FROM atest5; -- ok @@ -437,14 +437,14 @@ SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); - SELECT one, two FROM atest5; -- fail ERROR: permission denied for table atest5 -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT (one,two) ON atest6 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT (one,two) ON atest6 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still ERROR: permission denied for table atest5 -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT (two) ON atest5 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT (two) ON atest5 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now one | two -----+----- @@ -490,23 +490,23 @@ ERROR: permission denied for table atest5 -- Check that the columns in the inference require select privileges INSERT INTO atest5(four) VALUES (4); -- fail ERROR: permission denied for table atest5 -SET SESSION AUTHORIZATION regress_user1; -GRANT INSERT (four) ON atest5 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT INSERT (four) ON atest5 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT) ERROR: permission denied for table atest5 INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT) ERROR: permission denied for table atest5 INSERT INTO atest5(four) VALUES (4); -- ok -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT (four) ON atest5 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT (four) ON atest5 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- ok INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- ok -SET SESSION AUTHORIZATION regress_user1; -REVOKE ALL (one) ON atest5 FROM regress_user4; -GRANT SELECT (one,two,blue) ON atest6 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +REVOKE ALL (one) ON atest5 FROM regress_priv_user4; +GRANT SELECT (one,two,blue) ON atest6 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT one FROM atest5; -- fail ERROR: permission denied for table atest5 UPDATE atest5 SET one = 1; -- fail @@ -518,18 +518,18 @@ SELECT atest6 FROM atest6; -- ok COPY atest6 TO stdout; -- ok -- check error reporting with column privs -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE t1 (c1 int, c2 int, c3 int check (c3 < 5), primary key (c1, c2)); -GRANT SELECT (c1) ON t1 TO regress_user2; -GRANT INSERT (c1, c2, c3) ON t1 TO regress_user2; -GRANT UPDATE (c1, c2, c3) ON t1 TO regress_user2; +GRANT SELECT (c1) ON t1 TO regress_priv_user2; +GRANT INSERT (c1, c2, c3) ON t1 TO regress_priv_user2; +GRANT UPDATE (c1, c2, c3) ON t1 TO regress_priv_user2; -- seed data INSERT INTO t1 VALUES (1, 1, 1); INSERT INTO t1 VALUES (1, 2, 1); INSERT INTO t1 VALUES (2, 1, 2); INSERT INTO t1 VALUES (2, 2, 2); INSERT INTO t1 VALUES (3, 1, 3); -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; INSERT INTO t1 (c1, c2) VALUES (1, 1); -- fail, but row not shown ERROR: duplicate key value violates unique constraint "t1_pkey" UPDATE t1 SET c2 = 1; -- fail, but row not shown @@ -546,23 +546,23 @@ DETAIL: Failing row contains (c1) = (5). UPDATE t1 SET c3 = 10; -- fail, but see columns with SELECT rights, or being modified ERROR: new row for relation "t1" violates check constraint "t1_c3_check" DETAIL: Failing row contains (c1, c3) = (1, 10). -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; DROP TABLE t1; -- test column-level privileges when involved with DELETE -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; ALTER TABLE atest6 ADD COLUMN three integer; -GRANT DELETE ON atest5 TO regress_user3; -GRANT SELECT (two) ON atest5 TO regress_user3; -REVOKE ALL (one) ON atest5 FROM regress_user3; -GRANT SELECT (one) ON atest5 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +GRANT DELETE ON atest5 TO regress_priv_user3; +GRANT SELECT (two) ON atest5 TO regress_priv_user3; +REVOKE ALL (one) ON atest5 FROM regress_priv_user3; +GRANT SELECT (one) ON atest5 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT atest6 FROM atest6; -- fail ERROR: permission denied for table atest6 SELECT one FROM atest5 NATURAL JOIN atest6; -- fail ERROR: permission denied for table atest5 -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; ALTER TABLE atest6 DROP COLUMN three; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT atest6 FROM atest6; -- ok atest6 -------- @@ -573,26 +573,26 @@ SELECT one FROM atest5 NATURAL JOIN atest6; -- ok ----- (0 rows) -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; ALTER TABLE atest6 DROP COLUMN two; -REVOKE SELECT (one,blue) ON atest6 FROM regress_user4; -SET SESSION AUTHORIZATION regress_user4; +REVOKE SELECT (one,blue) ON atest6 FROM regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT * FROM atest6; -- fail ERROR: permission denied for table atest6 SELECT 1 FROM atest6; -- fail ERROR: permission denied for table atest6 -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; DELETE FROM atest5 WHERE one = 1; -- fail ERROR: permission denied for table atest5 DELETE FROM atest5 WHERE two = 2; -- ok -- check inheritance cases -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atestp1 (f1 int, f2 int) WITH OIDS; CREATE TABLE atestp2 (fx int, fy int) WITH OIDS; CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2); -GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_user2; -GRANT SELECT(fx) ON atestc TO regress_user2; -SET SESSION AUTHORIZATION regress_user2; +GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_priv_user2; +GRANT SELECT(fx) ON atestc TO regress_priv_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT fx FROM atestp2; -- ok fx ---- @@ -615,9 +615,9 @@ SELECT oid FROM atestp2; -- ok SELECT fy FROM atestc; -- fail ERROR: permission denied for table atestc -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT(fy,oid) ON atestc TO regress_user2; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT(fy,oid) ON atestc TO regress_priv_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT fx FROM atestp2; -- still ok fx ---- @@ -642,39 +642,39 @@ SELECT oid FROM atestp2; -- ok -- switch to superuser \c - REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC; -GRANT USAGE ON LANGUAGE sql TO regress_user1; -- ok +GRANT USAGE ON LANGUAGE sql TO regress_priv_user1; -- ok GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail ERROR: language "c" is not trusted DETAIL: GRANT and REVOKE are not allowed on untrusted languages, because only superusers can use untrusted languages. -SET SESSION AUTHORIZATION regress_user1; -GRANT USAGE ON LANGUAGE sql TO regress_user2; -- fail +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT USAGE ON LANGUAGE sql TO regress_priv_user2; -- fail WARNING: no privileges were granted for "sql" CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; CREATE AGGREGATE testagg1(int) (sfunc = int4pl, stype = int4); CREATE PROCEDURE testproc1(int) AS 'select $1;' LANGUAGE sql; REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) FROM PUBLIC; -GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_user2; +GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_priv_user2; REVOKE ALL ON FUNCTION testproc1(int) FROM PUBLIC; -- fail, not a function ERROR: testproc1(integer) is not a function REVOKE ALL ON PROCEDURE testproc1(int) FROM PUBLIC; -GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_user2; -GRANT USAGE ON FUNCTION testfunc1(int) TO regress_user3; -- semantic error +GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_priv_user2; +GRANT USAGE ON FUNCTION testfunc1(int) TO regress_priv_user3; -- semantic error ERROR: invalid privilege type USAGE for function -GRANT USAGE ON FUNCTION testagg1(int) TO regress_user3; -- semantic error +GRANT USAGE ON FUNCTION testagg1(int) TO regress_priv_user3; -- semantic error ERROR: invalid privilege type USAGE for function -GRANT USAGE ON PROCEDURE testproc1(int) TO regress_user3; -- semantic error +GRANT USAGE ON PROCEDURE testproc1(int) TO regress_priv_user3; -- semantic error ERROR: invalid privilege type USAGE for procedure -GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_user4; -GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_user4; +GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_priv_user4; +GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_priv_user4; ERROR: function testfunc_nosuch(integer) does not exist -GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_user4; -GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_user4; +GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_priv_user4; +GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_priv_user4; CREATE FUNCTION testfunc4(boolean) RETURNS text AS 'select col1 from atest2 where col2 = $1;' LANGUAGE sql SECURITY DEFINER; -GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_user3; -SET SESSION AUTHORIZATION regress_user2; +GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_priv_user3; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT testfunc1(5), testfunc2(5); -- ok testfunc1 | testfunc2 -----------+----------- @@ -690,7 +690,7 @@ SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok (1 row) CALL testproc1(6); -- ok -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; SELECT testfunc1(5); -- fail ERROR: permission denied for function testfunc1 SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail @@ -705,7 +705,7 @@ SELECT testfunc4(true); -- ok bar (1 row) -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT testfunc1(5); -- ok testfunc1 ----------- @@ -744,7 +744,7 @@ SELECT '{1}'::int4[]::int8[]; --superuser, suceed {1} (1 row) -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT '{1}'::int4[]::int8[]; --other user, fail ERROR: permission denied for function int8 ROLLBACK; @@ -753,17 +753,17 @@ ROLLBACK; \c - CREATE TYPE testtype1 AS (a int, b text); REVOKE USAGE ON TYPE testtype1 FROM PUBLIC; -GRANT USAGE ON TYPE testtype1 TO regress_user2; -GRANT USAGE ON TYPE _testtype1 TO regress_user2; -- fail +GRANT USAGE ON TYPE testtype1 TO regress_priv_user2; +GRANT USAGE ON TYPE _testtype1 TO regress_priv_user2; -- fail ERROR: cannot set privileges of array types HINT: Set the privileges of the element type instead. -GRANT USAGE ON DOMAIN testtype1 TO regress_user2; -- fail +GRANT USAGE ON DOMAIN testtype1 TO regress_priv_user2; -- fail ERROR: "testtype1" is not a domain CREATE DOMAIN testdomain1 AS int; REVOKE USAGE on DOMAIN testdomain1 FROM PUBLIC; -GRANT USAGE ON DOMAIN testdomain1 TO regress_user2; -GRANT USAGE ON TYPE testdomain1 TO regress_user2; -- ok -SET SESSION AUTHORIZATION regress_user1; +GRANT USAGE ON DOMAIN testdomain1 TO regress_priv_user2; +GRANT USAGE ON TYPE testdomain1 TO regress_priv_user2; -- ok +SET SESSION AUTHORIZATION regress_priv_user1; -- commands that should fail CREATE AGGREGATE testagg1a(testdomain1) (sfunc = int4_sum, stype = bigint); ERROR: permission denied for type testdomain1 @@ -803,7 +803,7 @@ CREATE TABLE test11a AS (SELECT 1::testdomain1 AS a); ERROR: permission denied for type testdomain1 REVOKE ALL ON TYPE testtype1 FROM PUBLIC; ERROR: permission denied for type testtype1 -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; -- commands that should succeed CREATE AGGREGATE testagg1b(testdomain1) (sfunc = int4_sum, stype = bigint); CREATE DOMAIN testdomain2b AS testdomain1; @@ -846,7 +846,7 @@ DROP TABLE test11b; DROP TYPE testtype1; -- ok DROP DOMAIN testdomain1; -- ok -- truncate -SET SESSION AUTHORIZATION regress_user5; +SET SESSION AUTHORIZATION regress_priv_user5; TRUNCATE atest2; -- ok TRUNCATE atest3; -- fail ERROR: permission denied for table atest3 @@ -969,7 +969,7 @@ from (select oid from pg_class where relname = 'pg_authid') as t1; (1 row) -- non-superuser -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; select has_table_privilege(current_user,'pg_class','select'); has_table_privilege --------------------- @@ -1133,93 +1133,93 @@ from (select oid from pg_class where relname = 'atest1') as t1; (1 row) -- Grant options -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atest4 (a int); -GRANT SELECT ON atest4 TO regress_user2 WITH GRANT OPTION; -GRANT UPDATE ON atest4 TO regress_user2; -GRANT SELECT ON atest4 TO GROUP regress_group1 WITH GRANT OPTION; -SET SESSION AUTHORIZATION regress_user2; -GRANT SELECT ON atest4 TO regress_user3; -GRANT UPDATE ON atest4 TO regress_user3; -- fail +GRANT SELECT ON atest4 TO regress_priv_user2 WITH GRANT OPTION; +GRANT UPDATE ON atest4 TO regress_priv_user2; +GRANT SELECT ON atest4 TO GROUP regress_priv_group1 WITH GRANT OPTION; +SET SESSION AUTHORIZATION regress_priv_user2; +GRANT SELECT ON atest4 TO regress_priv_user3; +GRANT UPDATE ON atest4 TO regress_priv_user3; -- fail WARNING: no privileges were granted for "atest4" -SET SESSION AUTHORIZATION regress_user1; -REVOKE SELECT ON atest4 FROM regress_user3; -- does nothing -SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- true +SET SESSION AUTHORIZATION regress_priv_user1; +REVOKE SELECT ON atest4 FROM regress_priv_user3; -- does nothing +SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) -REVOKE SELECT ON atest4 FROM regress_user2; -- fail +REVOKE SELECT ON atest4 FROM regress_priv_user2; -- fail ERROR: dependent privileges exist HINT: Use CASCADE to revoke them too. -REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_user2 CASCADE; -- ok -SELECT has_table_privilege('regress_user2', 'atest4', 'SELECT'); -- true +REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_priv_user2 CASCADE; -- ok +SELECT has_table_privilege('regress_priv_user2', 'atest4', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) -SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- false +SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- false has_table_privilege --------------------- f (1 row) -SELECT has_table_privilege('regress_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true +SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true has_table_privilege --------------------- t (1 row) -- Admin options -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS - 'GRANT regress_group2 TO regress_user5'; -GRANT regress_group2 TO regress_user5; -- ok: had ADMIN OPTION -SET ROLE regress_group2; -GRANT regress_group2 TO regress_user5; -- fails: SET ROLE suspended privilege -ERROR: must have admin option on role "regress_group2" -SET SESSION AUTHORIZATION regress_user1; -GRANT regress_group2 TO regress_user5; -- fails: no ADMIN OPTION -ERROR: must have admin option on role "regress_group2" + 'GRANT regress_priv_group2 TO regress_priv_user5'; +GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION +SET ROLE regress_priv_group2; +GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege +ERROR: must have admin option on role "regress_priv_group2" +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION +ERROR: must have admin option on role "regress_priv_group2" SELECT dogrant_ok(); -- ok: SECURITY DEFINER conveys ADMIN -NOTICE: role "regress_user5" is already a member of role "regress_group2" +NOTICE: role "regress_priv_user5" is already a member of role "regress_priv_group2" dogrant_ok ------------ (1 row) -SET ROLE regress_group2; -GRANT regress_group2 TO regress_user5; -- fails: SET ROLE did not help -ERROR: must have admin option on role "regress_group2" -SET SESSION AUTHORIZATION regress_group2; -GRANT regress_group2 TO regress_user5; -- ok: a role can self-admin -NOTICE: role "regress_user5" is already a member of role "regress_group2" +SET ROLE regress_priv_group2; +GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help +ERROR: must have admin option on role "regress_priv_group2" +SET SESSION AUTHORIZATION regress_priv_group2; +GRANT regress_priv_group2 TO regress_priv_user5; -- ok: a role can self-admin +NOTICE: role "regress_priv_user5" is already a member of role "regress_priv_group2" CREATE FUNCTION dogrant_fails() RETURNS void LANGUAGE sql SECURITY DEFINER AS - 'GRANT regress_group2 TO regress_user5'; + 'GRANT regress_priv_group2 TO regress_priv_user5'; SELECT dogrant_fails(); -- fails: no self-admin in SECURITY DEFINER -ERROR: must have admin option on role "regress_group2" +ERROR: must have admin option on role "regress_priv_group2" CONTEXT: SQL function "dogrant_fails" statement 1 DROP FUNCTION dogrant_fails(); -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; DROP FUNCTION dogrant_ok(); -REVOKE regress_group2 FROM regress_user5; +REVOKE regress_priv_group2 FROM regress_priv_user5; -- has_sequence_privilege tests \c - CREATE SEQUENCE x_seq; -GRANT USAGE on x_seq to regress_user2; -SELECT has_sequence_privilege('regress_user1', 'atest1', 'SELECT'); +GRANT USAGE on x_seq to regress_priv_user2; +SELECT has_sequence_privilege('regress_priv_user1', 'atest1', 'SELECT'); ERROR: "atest1" is not a sequence -SELECT has_sequence_privilege('regress_user1', 'x_seq', 'INSERT'); +SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'INSERT'); ERROR: unrecognized privilege type: "INSERT" -SELECT has_sequence_privilege('regress_user1', 'x_seq', 'SELECT'); +SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'SELECT'); has_sequence_privilege ------------------------ f (1 row) -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT has_sequence_privilege('x_seq', 'USAGE'); has_sequence_privilege ------------------------ @@ -1228,7 +1228,7 @@ SELECT has_sequence_privilege('x_seq', 'USAGE'); -- largeobject privilege tests \c - -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT lo_create(1001); lo_create ----------- @@ -1260,10 +1260,10 @@ SELECT lo_create(1005); (1 row) GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC; -GRANT SELECT ON LARGE OBJECT 1003 TO regress_user2; -GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_user2; -GRANT ALL ON LARGE OBJECT 1005 TO regress_user2; -GRANT SELECT ON LARGE OBJECT 1005 TO regress_user2 WITH GRANT OPTION; +GRANT SELECT ON LARGE OBJECT 1003 TO regress_priv_user2; +GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_priv_user2; +GRANT ALL ON LARGE OBJECT 1005 TO regress_priv_user2; +GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user2 WITH GRANT OPTION; GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed ERROR: invalid privilege type INSERT for large object GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed @@ -1271,7 +1271,7 @@ ERROR: role "nosuchuser" does not exist GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed ERROR: large object 999 does not exist \c - -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT lo_create(2001); lo_create ----------- @@ -1328,11 +1328,11 @@ SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd'); 4 (1 row) -GRANT SELECT ON LARGE OBJECT 1005 TO regress_user3; -GRANT UPDATE ON LARGE OBJECT 1006 TO regress_user3; -- to be denied +GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user3; +GRANT UPDATE ON LARGE OBJECT 1006 TO regress_priv_user3; -- to be denied ERROR: large object 1006 does not exist REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC; -GRANT ALL ON LARGE OBJECT 2001 TO regress_user3; +GRANT ALL ON LARGE OBJECT 2001 TO regress_priv_user3; SELECT lo_unlink(1001); -- to be denied ERROR: must be owner of large object 1001 SELECT lo_unlink(2002); @@ -1344,17 +1344,17 @@ SELECT lo_unlink(2002); \c - -- confirm ACL setting SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid; - oid | ownername | lomacl -------+---------------+------------------------------------------------------------------------------------------------ - 1001 | regress_user1 | {regress_user1=rw/regress_user1,=rw/regress_user1} - 1002 | regress_user1 | - 1003 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=r/regress_user1} - 1004 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=rw/regress_user1} - 1005 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=r*w/regress_user1,regress_user3=r/regress_user2} - 2001 | regress_user2 | {regress_user2=rw/regress_user2,regress_user3=rw/regress_user2} + oid | ownername | lomacl +------+--------------------+------------------------------------------------------------------------------------------------------------------------------ + 1001 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,=rw/regress_priv_user1} + 1002 | regress_priv_user1 | + 1003 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r/regress_priv_user1} + 1004 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=rw/regress_priv_user1} + 1005 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r*w/regress_priv_user1,regress_priv_user3=r/regress_priv_user2} + 2001 | regress_priv_user2 | {regress_priv_user2=rw/regress_priv_user2,regress_priv_user3=rw/regress_priv_user2} (6 rows) -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; SELECT loread(lo_open(1001, x'40000'::int), 32); loread ------------ @@ -1380,7 +1380,7 @@ SELECT lo_truncate(lo_open(2001, x'20000'::int), 10); -- compatibility mode in largeobject permission \c - SET lo_compat_privileges = false; -- default setting -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied ERROR: permission denied for large object 1002 SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied @@ -1399,7 +1399,7 @@ SELECT lo_import('/dev/null', 2003); -- to be denied ERROR: permission denied for function lo_import \c - SET lo_compat_privileges = true; -- compatibility mode -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT loread(lo_open(1002, x'40000'::int), 32); loread -------- @@ -1433,34 +1433,34 @@ SELECT * FROM pg_largeobject LIMIT 0; ------+--------+------ (0 rows) -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT * FROM pg_largeobject LIMIT 0; -- to be denied ERROR: permission denied for table pg_largeobject -- test default ACLs \c - CREATE SCHEMA testns; -GRANT ALL ON SCHEMA testns TO regress_user1; +GRANT ALL ON SCHEMA testns TO regress_priv_user1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no has_table_privilege --------------------- f (1 row) -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f (1 row) ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public; -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no has_table_privilege --------------------- f (1 row) -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f @@ -1468,124 +1468,124 @@ SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes has_table_privilege --------------------- t (1 row) -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f (1 row) -ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_user1; +ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_priv_user1; DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes has_table_privilege --------------------- t (1 row) -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- yes has_table_privilege --------------------- t (1 row) -ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_user1; +ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_priv_user1; DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes has_table_privilege --------------------- t (1 row) -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f (1 row) -ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE EXECUTE ON FUNCTIONS FROM public; -ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_user2; -- error +ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public; +ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error ERROR: cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS -ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_user2; +ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_priv_user2; CREATE SCHEMA testns2; -SELECT has_schema_privilege('regress_user2', 'testns2', 'USAGE'); -- yes +SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'USAGE'); -- yes has_schema_privilege ---------------------- t (1 row) -SELECT has_schema_privilege('regress_user2', 'testns2', 'CREATE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'CREATE'); -- no has_schema_privilege ---------------------- f (1 row) -ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_user2; +ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_priv_user2; CREATE SCHEMA testns3; -SELECT has_schema_privilege('regress_user2', 'testns3', 'USAGE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'USAGE'); -- no has_schema_privilege ---------------------- f (1 row) -SELECT has_schema_privilege('regress_user2', 'testns3', 'CREATE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'CREATE'); -- no has_schema_privilege ---------------------- f (1 row) -ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2; CREATE SCHEMA testns4; -SELECT has_schema_privilege('regress_user2', 'testns4', 'USAGE'); -- yes +SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'USAGE'); -- yes has_schema_privilege ---------------------- t (1 row) -SELECT has_schema_privilege('regress_user2', 'testns4', 'CREATE'); -- yes +SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes has_schema_privilege ---------------------- t (1 row) -ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_user2; +ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2; CREATE SCHEMA testns5; -SELECT has_schema_privilege('regress_user2', 'testns5', 'USAGE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no has_schema_privilege ---------------------- f (1 row) -SELECT has_schema_privilege('regress_user2', 'testns5', 'CREATE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'CREATE'); -- no has_schema_privilege ---------------------- f (1 row) -SET ROLE regress_user1; +SET ROLE regress_priv_user1; CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql; CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4); CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql; -SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- no +SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- no has_function_privilege ------------------------ f (1 row) -SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- no +SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- no has_function_privilege ------------------------ f (1 row) -SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- no +SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- no has_function_privilege ------------------------ f @@ -1598,19 +1598,19 @@ DROP AGGREGATE testns.agg1(int); CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4); DROP PROCEDURE testns.bar(); CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql; -SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- yes +SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- yes has_function_privilege ------------------------ t (1 row) -SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes +SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes has_function_privilege ------------------------ t (1 row) -SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here) +SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here) has_function_privilege ------------------------ t @@ -1619,9 +1619,9 @@ SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- ye DROP FUNCTION testns.foo(); DROP AGGREGATE testns.agg1(int); DROP PROCEDURE testns.bar(); -ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE USAGE ON TYPES FROM public; +ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE USAGE ON TYPES FROM public; CREATE DOMAIN testns.testdomain1 AS int; -SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no +SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- no has_type_privilege -------------------- f @@ -1630,7 +1630,7 @@ SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public; DROP DOMAIN testns.testdomain1; CREATE DOMAIN testns.testdomain1 AS int; -SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- yes +SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- yes has_type_privilege -------------------- t @@ -1664,33 +1664,33 @@ SELECT d.* -- check that entries went away CREATE SCHEMA testns; CREATE TABLE testns.t1 (f1 int); CREATE TABLE testns.t2 (f1 int); -SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false +SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false has_table_privilege --------------------- f (1 row) -GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_user1; -SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- true +GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_priv_user1; +SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) -SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- true +SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) -REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_user1; -SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false +REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_priv_user1; +SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false has_table_privilege --------------------- f (1 row) -SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false +SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- false has_table_privilege --------------------- f @@ -1699,64 +1699,64 @@ SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false CREATE FUNCTION testns.testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; CREATE AGGREGATE testns.testagg(int) (sfunc = int4pl, stype = int4); CREATE PROCEDURE testns.testproc(int) AS 'select 3' LANGUAGE sql; -SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default +SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default has_function_privilege ------------------------ t (1 row) -SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default +SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default has_function_privilege ------------------------ t (1 row) -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default has_function_privilege ------------------------ t (1 row) REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC; -SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false +SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false has_function_privilege ------------------------ f (1 row) -SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- false +SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- false has_function_privilege ------------------------ f (1 row) -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function has_function_privilege ------------------------ t (1 row) REVOKE ALL ON ALL PROCEDURES IN SCHEMA testns FROM PUBLIC; -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false has_function_privilege ------------------------ f (1 row) GRANT ALL ON ALL ROUTINES IN SCHEMA testns TO PUBLIC; -SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true +SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true has_function_privilege ------------------------ t (1 row) -SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true +SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true has_function_privilege ------------------------ t (1 row) -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true has_function_privilege ------------------------ t @@ -1796,53 +1796,53 @@ DROP ROLE regress_schemauser1; DROP ROLE regress_schemauser_renamed; -- test that dependent privileges are revoked (or not) properly \c - -set session role regress_user1; +set session role regress_priv_user1; create table dep_priv_test (a int); -grant select on dep_priv_test to regress_user2 with grant option; -grant select on dep_priv_test to regress_user3 with grant option; -set session role regress_user2; -grant select on dep_priv_test to regress_user4 with grant option; -set session role regress_user3; -grant select on dep_priv_test to regress_user4 with grant option; -set session role regress_user4; -grant select on dep_priv_test to regress_user5; +grant select on dep_priv_test to regress_priv_user2 with grant option; +grant select on dep_priv_test to regress_priv_user3 with grant option; +set session role regress_priv_user2; +grant select on dep_priv_test to regress_priv_user4 with grant option; +set session role regress_priv_user3; +grant select on dep_priv_test to regress_priv_user4 with grant option; +set session role regress_priv_user4; +grant select on dep_priv_test to regress_priv_user5; \dp dep_priv_test - Access privileges - Schema | Name | Type | Access privileges | Column privileges | Policies ---------+---------------+-------+-------------------------------------+-------------------+---------- - public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| | - | | | regress_user2=r*/regress_user1 +| | - | | | regress_user3=r*/regress_user1 +| | - | | | regress_user4=r*/regress_user2 +| | - | | | regress_user4=r*/regress_user3 +| | - | | | regress_user5=r/regress_user4 | | + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------------+-------+-----------------------------------------------+-------------------+---------- + public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| | + | | | regress_priv_user2=r*/regress_priv_user1 +| | + | | | regress_priv_user3=r*/regress_priv_user1 +| | + | | | regress_priv_user4=r*/regress_priv_user2 +| | + | | | regress_priv_user4=r*/regress_priv_user3 +| | + | | | regress_priv_user5=r/regress_priv_user4 | | (1 row) -set session role regress_user2; -revoke select on dep_priv_test from regress_user4 cascade; +set session role regress_priv_user2; +revoke select on dep_priv_test from regress_priv_user4 cascade; \dp dep_priv_test - Access privileges - Schema | Name | Type | Access privileges | Column privileges | Policies ---------+---------------+-------+-------------------------------------+-------------------+---------- - public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| | - | | | regress_user2=r*/regress_user1 +| | - | | | regress_user3=r*/regress_user1 +| | - | | | regress_user4=r*/regress_user3 +| | - | | | regress_user5=r/regress_user4 | | + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------------+-------+-----------------------------------------------+-------------------+---------- + public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| | + | | | regress_priv_user2=r*/regress_priv_user1 +| | + | | | regress_priv_user3=r*/regress_priv_user1 +| | + | | | regress_priv_user4=r*/regress_priv_user3 +| | + | | | regress_priv_user5=r/regress_priv_user4 | | (1 row) -set session role regress_user3; -revoke select on dep_priv_test from regress_user4 cascade; +set session role regress_priv_user3; +revoke select on dep_priv_test from regress_priv_user4 cascade; \dp dep_priv_test - Access privileges - Schema | Name | Type | Access privileges | Column privileges | Policies ---------+---------------+-------+-------------------------------------+-------------------+---------- - public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| | - | | | regress_user2=r*/regress_user1 +| | - | | | regress_user3=r*/regress_user1 | | + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------------+-------+-----------------------------------------------+-------------------+---------- + public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| | + | | | regress_priv_user2=r*/regress_priv_user1 +| | + | | | regress_priv_user3=r*/regress_priv_user1 | | (1 row) -set session role regress_user1; +set session role regress_priv_user1; drop table dep_priv_test; -- clean up \c @@ -1879,18 +1879,18 @@ SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3 1 (5 rows) -DROP GROUP regress_group1; -DROP GROUP regress_group2; +DROP GROUP regress_priv_group1; +DROP GROUP regress_priv_group2; -- these are needed to clean up permissions -REVOKE USAGE ON LANGUAGE sql FROM regress_user1; -DROP OWNED BY regress_user1; -DROP USER regress_user1; -DROP USER regress_user2; -DROP USER regress_user3; -DROP USER regress_user4; -DROP USER regress_user5; -DROP USER regress_user6; -ERROR: role "regress_user6" does not exist +REVOKE USAGE ON LANGUAGE sql FROM regress_priv_user1; +DROP OWNED BY regress_priv_user1; +DROP USER regress_priv_user1; +DROP USER regress_priv_user2; +DROP USER regress_priv_user3; +DROP USER regress_priv_user4; +DROP USER regress_priv_user5; +DROP USER regress_priv_user6; +ERROR: role "regress_priv_user6" does not exist -- permissions with LOCK TABLE CREATE USER regress_locktable_user; CREATE TABLE lock_table (a int); diff --git a/src/test/regress/expected/rolenames.out b/src/test/regress/expected/rolenames.out index dce82f5de7..7daba9fc12 100644 --- a/src/test/regress/expected/rolenames.out +++ b/src/test/regress/expected/rolenames.out @@ -813,7 +813,7 @@ NOTICE: role "nonexistent" does not exist, skipping GRANT regress_testrol0 TO pg_signal_backend; -- success SET ROLE pg_signal_backend; --success RESET ROLE; -CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success +CREATE SCHEMA test_roles_schema AUTHORIZATION pg_signal_backend; --success SET ROLE regress_testrol2; UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_'; SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_'; @@ -946,7 +946,7 @@ SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_'; -- clean up \c -DROP SCHEMA test_schema; +DROP SCHEMA test_roles_schema; DROP OWNED BY regress_testrol0, "Public", "current_user", regress_testrol1, regress_testrol2, regress_testrolx CASCADE; DROP ROLE regress_testrol0, regress_testrol1, regress_testrol2, regress_testrolx; DROP ROLE "Public", "None", "current_user", "session_user", "user"; diff --git a/src/test/regress/sql/alter_generic.sql b/src/test/regress/sql/alter_generic.sql index fd43f235f6..84fd900b24 100644 --- a/src/test/regress/sql/alter_generic.sql +++ b/src/test/regress/sql/alter_generic.sql @@ -5,15 +5,15 @@ -- Clean up in case a prior regression run failed SET client_min_messages TO 'warning'; -DROP ROLE IF EXISTS regress_alter_user1; -DROP ROLE IF EXISTS regress_alter_user2; -DROP ROLE IF EXISTS regress_alter_user3; +DROP ROLE IF EXISTS regress_alter_generic_user1; +DROP ROLE IF EXISTS regress_alter_generic_user2; +DROP ROLE IF EXISTS regress_alter_generic_user3; RESET client_min_messages; -CREATE USER regress_alter_user3; -CREATE USER regress_alter_user2; -CREATE USER regress_alter_user1 IN ROLE regress_alter_user3; +CREATE USER regress_alter_generic_user3; +CREATE USER regress_alter_generic_user2; +CREATE USER regress_alter_generic_user1 IN ROLE regress_alter_generic_user3; CREATE SCHEMA alt_nsp1; CREATE SCHEMA alt_nsp2; @@ -25,7 +25,7 @@ SET search_path = alt_nsp1, public; -- -- Function and Aggregate -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql AS 'SELECT $1 + 1'; CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql @@ -37,23 +37,23 @@ CREATE AGGREGATE alt_agg2 ( sfunc1 = int4mi, basetype = int4, stype1 = int4, initcond = 0 ); ALTER AGGREGATE alt_func1(int) RENAME TO alt_func3; -- failed (not aggregate) -ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_user3; -- failed (not aggregate) +ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_generic_user3; -- failed (not aggregate) ALTER AGGREGATE alt_func1(int) SET SCHEMA alt_nsp2; -- failed (not aggregate) ALTER FUNCTION alt_func1(int) RENAME TO alt_func2; -- failed (name conflict) ALTER FUNCTION alt_func1(int) RENAME TO alt_func3; -- OK -ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- OK +ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- OK ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp1; -- OK, already there ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- OK ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg2; -- failed (name conflict) ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg3; -- OK -ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- OK +ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- OK ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql AS 'SELECT $1 + 2'; CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql @@ -67,15 +67,15 @@ CREATE AGGREGATE alt_agg2 ( ALTER FUNCTION alt_func3(int) RENAME TO alt_func4; -- failed (not owner) ALTER FUNCTION alt_func1(int) RENAME TO alt_func4; -- OK -ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_user2; -- failed (not owner) -ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER FUNCTION alt_func3(int) SET SCHEMA alt_nsp2; -- failed (not owner) ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- failed (name conflicts) ALTER AGGREGATE alt_agg3(int) RENAME TO alt_agg4; -- failed (not owner) ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg4; -- OK -ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_user2; -- failed (not owner) -ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER AGGREGATE alt_agg3(int) SET SCHEMA alt_nsp2; -- failed (not owner) ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -95,24 +95,24 @@ SELECT n.nspname, proname, prorettype::regtype, prokind, a.rolname -- -- Conversion -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; ALTER CONVERSION alt_conv1 RENAME TO alt_conv2; -- failed (name conflict) ALTER CONVERSION alt_conv1 RENAME TO alt_conv3; -- OK -ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- OK +ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- OK ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8; ALTER CONVERSION alt_conv3 RENAME TO alt_conv4; -- failed (not owner) ALTER CONVERSION alt_conv1 RENAME TO alt_conv4; -- OK -ALTER CONVERSION alt_conv3 OWNER TO regress_alter_user2; -- failed (not owner) -ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER CONVERSION alt_conv3 OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER CONVERSION alt_conv3 SET SCHEMA alt_nsp2; -- failed (not owner) ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -148,17 +148,17 @@ SELECT srvname FROM pg_foreign_server WHERE srvname like 'alt_fserv%'; CREATE LANGUAGE alt_lang1 HANDLER plpgsql_call_handler; CREATE LANGUAGE alt_lang2 HANDLER plpgsql_call_handler; -ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_user1; -- OK -ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user2; -- OK +ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_generic_user1; -- OK +ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user2; -- OK -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; ALTER LANGUAGE alt_lang1 RENAME TO alt_lang2; -- failed (name conflict) ALTER LANGUAGE alt_lang2 RENAME TO alt_lang3; -- failed (not owner) ALTER LANGUAGE alt_lang1 RENAME TO alt_lang3; -- OK -ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user3; -- failed (not owner) -ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user3; -- OK +ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user3; -- failed (not owner) +ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user3; -- OK RESET SESSION AUTHORIZATION; SELECT lanname, a.rolname @@ -169,21 +169,21 @@ SELECT lanname, a.rolname -- -- Operator -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi ); CREATE OPERATOR @+@ ( leftarg = int4, rightarg = int4, procedure = int4pl ); -ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user3; -- OK +ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user3; -- OK ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi ); -ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (not owner) -ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER OPERATOR @+@(int4, int4) SET SCHEMA alt_nsp2; -- failed (not owner) -- can't test this: the error message includes the raw oid of namespace -- ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -202,53 +202,53 @@ SELECT n.nspname, oprname, a.rolname, -- CREATE OPERATOR FAMILY alt_opf1 USING hash; CREATE OPERATOR FAMILY alt_opf2 USING hash; -ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user1; -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user1; +ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user1; +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user1; CREATE OPERATOR CLASS alt_opc1 FOR TYPE uuid USING hash AS STORAGE uuid; CREATE OPERATOR CLASS alt_opc2 FOR TYPE uuid USING hash AS STORAGE uuid; -ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user1; -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user1; +ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user1; +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user1; -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf2; -- failed (name conflict) ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf3; -- OK -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- OK +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- OK ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- OK ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc2; -- failed (name conflict) ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc3; -- OK -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- OK +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- OK ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- OK RESET SESSION AUTHORIZATION; CREATE OPERATOR FAMILY alt_opf1 USING hash; CREATE OPERATOR FAMILY alt_opf2 USING hash; -ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user2; -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; +ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user2; +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; CREATE OPERATOR CLASS alt_opc1 FOR TYPE macaddr USING hash AS STORAGE macaddr; CREATE OPERATOR CLASS alt_opc2 FOR TYPE macaddr USING hash AS STORAGE macaddr; -ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user2; -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; +ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user2; +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; ALTER OPERATOR FAMILY alt_opf3 USING hash RENAME TO alt_opf4; -- failed (not owner) ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf4; -- OK -ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_user2; -- failed (not owner) -ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER OPERATOR FAMILY alt_opf3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner) ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict) ALTER OPERATOR CLASS alt_opc3 USING hash RENAME TO alt_opc4; -- failed (not owner) ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc4; -- OK -ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_user2; -- failed (not owner) -ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER OPERATOR CLASS alt_opc3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner) ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -305,9 +305,9 @@ DROP OPERATOR FAMILY alt_opf4 USING btree; -- Should fail. Need to be SUPERUSER to do ALTER OPERATOR FAMILY .. ADD / DROP BEGIN TRANSACTION; -CREATE ROLE regress_alter_user5 NOSUPERUSER; +CREATE ROLE regress_alter_generic_user5 NOSUPERUSER; CREATE OPERATOR FAMILY alt_opf5 USING btree; -SET ROLE regress_alter_user5; +SET ROLE regress_alter_generic_user5; ALTER OPERATOR FAMILY alt_opf5 USING btree ADD OPERATOR 1 < (int4, int2), FUNCTION 1 btint42cmp(int4, int2); RESET ROLE; DROP OPERATOR FAMILY alt_opf5 USING btree; @@ -315,11 +315,11 @@ ROLLBACK; -- Should fail. Need rights to namespace for ALTER OPERATOR FAMILY .. ADD / DROP BEGIN TRANSACTION; -CREATE ROLE regress_alter_user6; +CREATE ROLE regress_alter_generic_user6; CREATE SCHEMA alt_nsp6; -REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_user6; +REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_generic_user6; CREATE OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree; -SET ROLE regress_alter_user6; +SET ROLE regress_alter_generic_user6; ALTER OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree ADD OPERATOR 1 < (int4, int2); ROLLBACK; @@ -436,26 +436,26 @@ DROP OPERATOR FAMILY alt_opf18 USING btree; -- -- Statistics -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE TABLE alt_regress_1 (a INTEGER, b INTEGER); CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_1; CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_1; ALTER STATISTICS alt_stat1 RENAME TO alt_stat2; -- failed (name conflict) ALTER STATISTICS alt_stat1 RENAME TO alt_stat3; -- failed (name conflict) -ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- OK +ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- OK ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE TABLE alt_regress_2 (a INTEGER, b INTEGER); CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_2; CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_2; ALTER STATISTICS alt_stat3 RENAME TO alt_stat4; -- failed (not owner) ALTER STATISTICS alt_stat1 RENAME TO alt_stat4; -- OK -ALTER STATISTICS alt_stat3 OWNER TO regress_alter_user2; -- failed (not owner) -ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER STATISTICS alt_stat3 OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER STATISTICS alt_stat3 SET SCHEMA alt_nsp2; -- failed (not owner) ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -469,24 +469,24 @@ SELECT nspname, stxname, rolname -- -- Text Search Dictionary -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple); CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple); ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict2; -- failed (name conflict) ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict3; -- OK -ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- OK +ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- OK ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple); CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple); ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 RENAME TO alt_ts_dict4; -- failed (not owner) ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict4; -- OK -ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_user2; -- failed (not owner) -ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 SET SCHEMA alt_nsp2; -- failed (not owner) ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -501,24 +501,24 @@ SELECT nspname, dictname, rolname -- -- Text Search Configuration -- -SET SESSION AUTHORIZATION regress_alter_user1; +SET SESSION AUTHORIZATION regress_alter_generic_user1; CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english); CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english); ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf2; -- failed (name conflict) ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf3; -- OK -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user2; -- failed (no role membership) -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- OK +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user2; -- failed (no role membership) +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- OK ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- OK -SET SESSION AUTHORIZATION regress_alter_user2; +SET SESSION AUTHORIZATION regress_alter_generic_user2; CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english); CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english); ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 RENAME TO alt_ts_conf4; -- failed (not owner) ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf4; -- OK -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_user2; -- failed (not owner) -ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- failed (no role membership) +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_generic_user2; -- failed (not owner) +ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- failed (no role membership) ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 SET SCHEMA alt_nsp2; -- failed (not owner) ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- failed (name conflict) @@ -590,6 +590,6 @@ DROP LANGUAGE alt_lang3 CASCADE; DROP SCHEMA alt_nsp1 CASCADE; DROP SCHEMA alt_nsp2 CASCADE; -DROP USER regress_alter_user1; -DROP USER regress_alter_user2; -DROP USER regress_alter_user3; +DROP USER regress_alter_generic_user1; +DROP USER regress_alter_generic_user2; +DROP USER regress_alter_generic_user3; diff --git a/src/test/regress/sql/alter_table.sql b/src/test/regress/sql/alter_table.sql index 66f5e50d97..6903839269 100644 --- a/src/test/regress/sql/alter_table.sql +++ b/src/test/regress/sql/alter_table.sql @@ -4,10 +4,10 @@ -- Clean up in case a prior regression run failed SET client_min_messages TO 'warning'; -DROP ROLE IF EXISTS regress_alter_user1; +DROP ROLE IF EXISTS regress_alter_table_user1; RESET client_min_messages; -CREATE USER regress_alter_user1; +CREATE USER regress_alter_table_user1; -- -- add attribute @@ -220,7 +220,7 @@ ALTER INDEX IF EXISTS __tmp_onek_unique1 RENAME TO onek_unique1; ALTER INDEX onek_unique1 RENAME TO tmp_onek_unique1; ALTER INDEX tmp_onek_unique1 RENAME TO onek_unique1; -SET ROLE regress_alter_user1; +SET ROLE regress_alter_table_user1; ALTER INDEX onek_unique1 RENAME TO fail; -- permission denied RESET ROLE; @@ -228,7 +228,7 @@ RESET ROLE; CREATE VIEW tmp_view (unique1) AS SELECT unique1 FROM tenk1; ALTER TABLE tmp_view RENAME TO tmp_view_new; -SET ROLE regress_alter_user1; +SET ROLE regress_alter_table_user1; ALTER VIEW tmp_view_new RENAME TO fail; -- permission denied RESET ROLE; @@ -2564,4 +2564,4 @@ ALTER TABLE tmp ALTER COLUMN i RESET (n_distinct_inherited); ANALYZE tmp; DROP TABLE tmp; -DROP USER regress_alter_user1; +DROP USER regress_alter_table_user1; diff --git a/src/test/regress/sql/create_procedure.sql b/src/test/regress/sql/create_procedure.sql index 429750d77c..ac3246b087 100644 --- a/src/test/regress/sql/create_procedure.sql +++ b/src/test/regress/sql/create_procedure.sql @@ -86,14 +86,14 @@ DROP PROCEDURE nonexistent(); -- privileges -CREATE USER regress_user1; -GRANT INSERT ON cp_test TO regress_user1; +CREATE USER regress_cp_user1; +GRANT INSERT ON cp_test TO regress_cp_user1; REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC; -SET ROLE regress_user1; +SET ROLE regress_cp_user1; CALL ptest1('a'); -- error RESET ROLE; -GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1; -SET ROLE regress_user1; +GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_cp_user1; +SET ROLE regress_cp_user1; CALL ptest1('a'); -- ok RESET ROLE; @@ -116,4 +116,4 @@ DROP PROCEDURE ptest2; DROP TABLE cp_test; -DROP USER regress_user1; +DROP USER regress_cp_user1; diff --git a/src/test/regress/sql/create_view.sql b/src/test/regress/sql/create_view.sql index b4e7a8793c..9480030005 100644 --- a/src/test/regress/sql/create_view.sql +++ b/src/test/regress/sql/create_view.sql @@ -89,7 +89,7 @@ CREATE VIEW temp_view_test.v2 AS SELECT * FROM base_table; -- should fail CREATE VIEW temp_view_test.v3_temp AS SELECT * FROM temp_table; -- should fail -CREATE SCHEMA test_schema +CREATE SCHEMA test_view_schema CREATE TEMP VIEW testview AS SELECT 1; -- joins: if any of the join relations are temporary, the view diff --git a/src/test/regress/sql/identity.sql b/src/test/regress/sql/identity.sql index 8be086d7ea..a35f331f4e 100644 --- a/src/test/regress/sql/identity.sql +++ b/src/test/regress/sql/identity.sql @@ -221,15 +221,15 @@ ALTER TABLE itest7 ALTER COLUMN a RESTART; ALTER TABLE itest7 ALTER COLUMN a DROP IDENTITY; -- privileges -CREATE USER regress_user1; +CREATE USER regress_identity_user1; CREATE TABLE itest8 (a int GENERATED ALWAYS AS IDENTITY, b text); -GRANT SELECT, INSERT ON itest8 TO regress_user1; -SET ROLE regress_user1; +GRANT SELECT, INSERT ON itest8 TO regress_identity_user1; +SET ROLE regress_identity_user1; INSERT INTO itest8 DEFAULT VALUES; SELECT * FROM itest8; RESET ROLE; DROP TABLE itest8; -DROP USER regress_user1; +DROP USER regress_identity_user1; -- typed tables (currently not supported) diff --git a/src/test/regress/sql/insert.sql b/src/test/regress/sql/insert.sql index 0150b6bb0f..3e3fd96c75 100644 --- a/src/test/regress/sql/insert.sql +++ b/src/test/regress/sql/insert.sql @@ -388,26 +388,26 @@ select tableoid::regclass, * from mlparted_def; create table key_desc (a int, b int) partition by list ((a+0)); create table key_desc_1 partition of key_desc for values in (1) partition by range (b); -create user someone_else; -grant select (a) on key_desc_1 to someone_else; -grant insert on key_desc to someone_else; +create user regress_insert_other_user; +grant select (a) on key_desc_1 to regress_insert_other_user; +grant insert on key_desc to regress_insert_other_user; -set role someone_else; +set role regress_insert_other_user; -- no key description is shown insert into key_desc values (1, 1); reset role; -grant select (b) on key_desc_1 to someone_else; -set role someone_else; +grant select (b) on key_desc_1 to regress_insert_other_user; +set role regress_insert_other_user; -- key description (b)=(1) is now shown insert into key_desc values (1, 1); -- key description is not shown if key contains expression insert into key_desc values (2, 1); reset role; -revoke all on key_desc from someone_else; -revoke all on key_desc_1 from someone_else; -drop role someone_else; +revoke all on key_desc from regress_insert_other_user; +revoke all on key_desc_1 from regress_insert_other_user; +drop role regress_insert_other_user; drop table key_desc, key_desc_1; -- test minvalue/maxvalue restrictions diff --git a/src/test/regress/sql/namespace.sql b/src/test/regress/sql/namespace.sql index 51cb091cc5..6b12c96193 100644 --- a/src/test/regress/sql/namespace.sql +++ b/src/test/regress/sql/namespace.sql @@ -2,7 +2,7 @@ -- Regression tests for schemas (namespaces) -- -CREATE SCHEMA test_schema_1 +CREATE SCHEMA test_ns_schema_1 CREATE UNIQUE INDEX abc_a_idx ON abc (a) CREATE VIEW abc_view AS @@ -15,30 +15,30 @@ CREATE SCHEMA test_schema_1 -- verify that the objects were created SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1'); + (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1'); -INSERT INTO test_schema_1.abc DEFAULT VALUES; -INSERT INTO test_schema_1.abc DEFAULT VALUES; -INSERT INTO test_schema_1.abc DEFAULT VALUES; +INSERT INTO test_ns_schema_1.abc DEFAULT VALUES; +INSERT INTO test_ns_schema_1.abc DEFAULT VALUES; +INSERT INTO test_ns_schema_1.abc DEFAULT VALUES; -SELECT * FROM test_schema_1.abc; -SELECT * FROM test_schema_1.abc_view; +SELECT * FROM test_ns_schema_1.abc; +SELECT * FROM test_ns_schema_1.abc_view; -ALTER SCHEMA test_schema_1 RENAME TO test_schema_renamed; +ALTER SCHEMA test_ns_schema_1 RENAME TO test_ns_schema_renamed; SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1'); + (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1'); -- test IF NOT EXISTS cases -CREATE SCHEMA test_schema_renamed; -- fail, already exists -CREATE SCHEMA IF NOT EXISTS test_schema_renamed; -- ok with notice -CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed +CREATE SCHEMA test_ns_schema_renamed; -- fail, already exists +CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed; -- ok with notice +CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed -- fail, disallowed CREATE TABLE abc ( a serial, b int UNIQUE ); -DROP SCHEMA test_schema_renamed CASCADE; +DROP SCHEMA test_ns_schema_renamed CASCADE; -- verify that the objects were dropped SELECT COUNT(*) FROM pg_class WHERE relnamespace = - (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_renamed'); + (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_renamed'); diff --git a/src/test/regress/sql/privileges.sql b/src/test/regress/sql/privileges.sql index ea8dd028cd..6006ba40b5 100644 --- a/src/test/regress/sql/privileges.sql +++ b/src/test/regress/sql/privileges.sql @@ -7,15 +7,15 @@ -- Suppress NOTICE messages when users/groups don't exist SET client_min_messages TO 'warning'; -DROP ROLE IF EXISTS regress_group1; -DROP ROLE IF EXISTS regress_group2; +DROP ROLE IF EXISTS regress_priv_group1; +DROP ROLE IF EXISTS regress_priv_group2; -DROP ROLE IF EXISTS regress_user1; -DROP ROLE IF EXISTS regress_user2; -DROP ROLE IF EXISTS regress_user3; -DROP ROLE IF EXISTS regress_user4; -DROP ROLE IF EXISTS regress_user5; -DROP ROLE IF EXISTS regress_user6; +DROP ROLE IF EXISTS regress_priv_user1; +DROP ROLE IF EXISTS regress_priv_user2; +DROP ROLE IF EXISTS regress_priv_user3; +DROP ROLE IF EXISTS regress_priv_user4; +DROP ROLE IF EXISTS regress_priv_user5; +DROP ROLE IF EXISTS regress_priv_user6; SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid; @@ -23,25 +23,25 @@ RESET client_min_messages; -- test proper begins here -CREATE USER regress_user1; -CREATE USER regress_user2; -CREATE USER regress_user3; -CREATE USER regress_user4; -CREATE USER regress_user5; -CREATE USER regress_user5; -- duplicate +CREATE USER regress_priv_user1; +CREATE USER regress_priv_user2; +CREATE USER regress_priv_user3; +CREATE USER regress_priv_user4; +CREATE USER regress_priv_user5; +CREATE USER regress_priv_user5; -- duplicate -CREATE GROUP regress_group1; -CREATE GROUP regress_group2 WITH USER regress_user1, regress_user2; +CREATE GROUP regress_priv_group1; +CREATE GROUP regress_priv_group2 WITH USER regress_priv_user1, regress_priv_user2; -ALTER GROUP regress_group1 ADD USER regress_user4; +ALTER GROUP regress_priv_group1 ADD USER regress_priv_user4; -ALTER GROUP regress_group2 ADD USER regress_user2; -- duplicate -ALTER GROUP regress_group2 DROP USER regress_user2; -GRANT regress_group2 TO regress_user4 WITH ADMIN OPTION; +ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2; -- duplicate +ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2; +GRANT regress_priv_group2 TO regress_priv_user4 WITH ADMIN OPTION; -- test owner privileges -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT session_user, current_user; CREATE TABLE atest1 ( a int, b text ); @@ -57,18 +57,18 @@ COMMIT; REVOKE ALL ON atest1 FROM PUBLIC; SELECT * FROM atest1; -GRANT ALL ON atest1 TO regress_user2; -GRANT SELECT ON atest1 TO regress_user3, regress_user4; +GRANT ALL ON atest1 TO regress_priv_user2; +GRANT SELECT ON atest1 TO regress_priv_user3, regress_priv_user4; SELECT * FROM atest1; CREATE TABLE atest2 (col1 varchar(10), col2 boolean); -GRANT SELECT ON atest2 TO regress_user2; -GRANT UPDATE ON atest2 TO regress_user3; -GRANT INSERT ON atest2 TO regress_user4; -GRANT TRUNCATE ON atest2 TO regress_user5; +GRANT SELECT ON atest2 TO regress_priv_user2; +GRANT UPDATE ON atest2 TO regress_priv_user3; +GRANT INSERT ON atest2 TO regress_priv_user4; +GRANT TRUNCATE ON atest2 TO regress_priv_user5; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT session_user, current_user; -- try various combinations of queries on atest1 and atest2 @@ -95,7 +95,7 @@ SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) ); SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) ); -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; SELECT session_user, current_user; SELECT * FROM atest1; -- ok @@ -120,7 +120,7 @@ COPY atest2 FROM stdin; -- fail SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) ); SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) ); -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; COPY atest2 FROM stdin; -- ok bar true \. @@ -129,8 +129,8 @@ SELECT * FROM atest1; -- ok -- test leaky-function protections in selfuncs --- regress_user1 will own a table and provide a view for it. -SET SESSION AUTHORIZATION regress_user1; +-- regress_priv_user1 will own a table and provide a view for it. +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atest12 as SELECT x AS a, 10001 - x AS b FROM generate_series(1,10000) x; @@ -156,8 +156,8 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b; EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y WHERE x.a = y.b and abs(y.a) <<< 5; --- Check if regress_user2 can break security. -SET SESSION AUTHORIZATION regress_user2; +-- Check if regress_priv_user2 can break security. +SET SESSION AUTHORIZATION regress_priv_user2; CREATE FUNCTION leak2(integer,integer) RETURNS boolean AS $$begin raise notice 'leak % %', $1, $2; return $1 > $2; end$$ @@ -171,12 +171,12 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12 WHERE a >>> 0; -- This plan should use hashjoin, as it will expect many rows to be selected. EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b; --- Now regress_user1 grants sufficient access to regress_user2. -SET SESSION AUTHORIZATION regress_user1; +-- Now regress_priv_user1 grants sufficient access to regress_priv_user2. +SET SESSION AUTHORIZATION regress_priv_user1; GRANT SELECT (a, b) ON atest12 TO PUBLIC; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; --- Now regress_user2 will also get a good row estimate. +-- Now regress_priv_user2 will also get a good row estimate. EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b; -- But not for this, due to lack of table-wide permissions needed @@ -184,17 +184,17 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b; EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y WHERE x.a = y.b and abs(y.a) <<< 5; --- clean up (regress_user1's objects are all dropped later) +-- clean up (regress_priv_user1's objects are all dropped later) DROP FUNCTION leak2(integer, integer) CASCADE; -- groups -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; CREATE TABLE atest3 (one int, two int, three int); -GRANT DELETE ON atest3 TO GROUP regress_group2; +GRANT DELETE ON atest3 TO GROUP regress_priv_group2; -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT * FROM atest3; -- fail DELETE FROM atest3; -- ok @@ -202,7 +202,7 @@ DELETE FROM atest3; -- ok -- views -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok /* The next *should* fail, but it's not implemented that way yet. */ @@ -213,10 +213,10 @@ CREATE VIEW atestv0 AS SELECT 0 as x WHERE false; -- ok SELECT * FROM atestv1; -- ok SELECT * FROM atestv2; -- fail -GRANT SELECT ON atestv1, atestv3 TO regress_user4; -GRANT SELECT ON atestv2 TO regress_user2; +GRANT SELECT ON atestv1, atestv3 TO regress_priv_user4; +GRANT SELECT ON atestv2 TO regress_priv_user2; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT * FROM atestv1; -- ok SELECT * FROM atestv2; -- fail @@ -240,29 +240,29 @@ reset constraint_exclusion; CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view SELECT * FROM atestv4; -- ok -GRANT SELECT ON atestv4 TO regress_user2; +GRANT SELECT ON atestv4 TO regress_priv_user2; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; -- Two complex cases: SELECT * FROM atestv3; -- fail -SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3) +SELECT * FROM atestv4; -- ok (even though regress_priv_user2 cannot access underlying atestv3) SELECT * FROM atest2; -- ok -SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2) +SELECT * FROM atestv2; -- fail (even though regress_priv_user2 can access underlying atest2) -- Test column level permissions -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atest5 (one int, two int unique, three int, four int unique); CREATE TABLE atest6 (one int, two int, blue int); -GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_user4; -GRANT ALL (one) ON atest5 TO regress_user3; +GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user4; +GRANT ALL (one) ON atest5 TO regress_priv_user3; INSERT INTO atest5 VALUES (1,2,3); -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT * FROM atest5; -- fail SELECT one FROM atest5; -- ok COPY atest5 (one) TO stdout; -- ok @@ -283,16 +283,16 @@ SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.two); - SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok SELECT one, two FROM atest5; -- fail -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT (one,two) ON atest6 TO regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT (one,two) ON atest6 TO regress_priv_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT (two) ON atest5 TO regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT (two) ON atest5 TO regress_priv_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now -- test column-level privileges for INSERT and UPDATE @@ -324,37 +324,37 @@ INSERT INTO atest5(three) VALUES (4) ON CONFLICT (two) DO UPDATE set three = 10; -- Check that the columns in the inference require select privileges INSERT INTO atest5(four) VALUES (4); -- fail -SET SESSION AUTHORIZATION regress_user1; -GRANT INSERT (four) ON atest5 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT INSERT (four) ON atest5 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT) INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT) INSERT INTO atest5(four) VALUES (4); -- ok -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT (four) ON atest5 TO regress_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT (four) ON atest5 TO regress_priv_user4; +SET SESSION AUTHORIZATION regress_priv_user4; INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- ok INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- ok -SET SESSION AUTHORIZATION regress_user1; -REVOKE ALL (one) ON atest5 FROM regress_user4; -GRANT SELECT (one,two,blue) ON atest6 TO regress_user4; +SET SESSION AUTHORIZATION regress_priv_user1; +REVOKE ALL (one) ON atest5 FROM regress_priv_user4; +GRANT SELECT (one,two,blue) ON atest6 TO regress_priv_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT one FROM atest5; -- fail UPDATE atest5 SET one = 1; -- fail SELECT atest6 FROM atest6; -- ok COPY atest6 TO stdout; -- ok -- check error reporting with column privs -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE t1 (c1 int, c2 int, c3 int check (c3 < 5), primary key (c1, c2)); -GRANT SELECT (c1) ON t1 TO regress_user2; -GRANT INSERT (c1, c2, c3) ON t1 TO regress_user2; -GRANT UPDATE (c1, c2, c3) ON t1 TO regress_user2; +GRANT SELECT (c1) ON t1 TO regress_priv_user2; +GRANT INSERT (c1, c2, c3) ON t1 TO regress_priv_user2; +GRANT UPDATE (c1, c2, c3) ON t1 TO regress_priv_user2; -- seed data INSERT INTO t1 VALUES (1, 1, 1); @@ -363,7 +363,7 @@ INSERT INTO t1 VALUES (2, 1, 2); INSERT INTO t1 VALUES (2, 2, 2); INSERT INTO t1 VALUES (3, 1, 3); -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; INSERT INTO t1 (c1, c2) VALUES (1, 1); -- fail, but row not shown UPDATE t1 SET c2 = 1; -- fail, but row not shown INSERT INTO t1 (c1, c2) VALUES (null, null); -- fail, but see columns being inserted @@ -371,59 +371,59 @@ INSERT INTO t1 (c3) VALUES (null); -- fail, but see columns being inserted or ha INSERT INTO t1 (c1) VALUES (5); -- fail, but see columns being inserted or have SELECT UPDATE t1 SET c3 = 10; -- fail, but see columns with SELECT rights, or being modified -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; DROP TABLE t1; -- test column-level privileges when involved with DELETE -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; ALTER TABLE atest6 ADD COLUMN three integer; -GRANT DELETE ON atest5 TO regress_user3; -GRANT SELECT (two) ON atest5 TO regress_user3; -REVOKE ALL (one) ON atest5 FROM regress_user3; -GRANT SELECT (one) ON atest5 TO regress_user4; +GRANT DELETE ON atest5 TO regress_priv_user3; +GRANT SELECT (two) ON atest5 TO regress_priv_user3; +REVOKE ALL (one) ON atest5 FROM regress_priv_user3; +GRANT SELECT (one) ON atest5 TO regress_priv_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT atest6 FROM atest6; -- fail SELECT one FROM atest5 NATURAL JOIN atest6; -- fail -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; ALTER TABLE atest6 DROP COLUMN three; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT atest6 FROM atest6; -- ok SELECT one FROM atest5 NATURAL JOIN atest6; -- ok -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; ALTER TABLE atest6 DROP COLUMN two; -REVOKE SELECT (one,blue) ON atest6 FROM regress_user4; +REVOKE SELECT (one,blue) ON atest6 FROM regress_priv_user4; -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT * FROM atest6; -- fail SELECT 1 FROM atest6; -- fail -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; DELETE FROM atest5 WHERE one = 1; -- fail DELETE FROM atest5 WHERE two = 2; -- ok -- check inheritance cases -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atestp1 (f1 int, f2 int) WITH OIDS; CREATE TABLE atestp2 (fx int, fy int) WITH OIDS; CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2); -GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_user2; -GRANT SELECT(fx) ON atestc TO regress_user2; +GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_priv_user2; +GRANT SELECT(fx) ON atestc TO regress_priv_user2; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT fx FROM atestp2; -- ok SELECT fy FROM atestp2; -- ok SELECT atestp2 FROM atestp2; -- ok SELECT oid FROM atestp2; -- ok SELECT fy FROM atestc; -- fail -SET SESSION AUTHORIZATION regress_user1; -GRANT SELECT(fy,oid) ON atestc TO regress_user2; +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT SELECT(fy,oid) ON atestc TO regress_priv_user2; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT fx FROM atestp2; -- still ok SELECT fy FROM atestp2; -- ok SELECT atestp2 FROM atestp2; -- ok @@ -435,48 +435,48 @@ SELECT oid FROM atestp2; -- ok \c - REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC; -GRANT USAGE ON LANGUAGE sql TO regress_user1; -- ok +GRANT USAGE ON LANGUAGE sql TO regress_priv_user1; -- ok GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail -SET SESSION AUTHORIZATION regress_user1; -GRANT USAGE ON LANGUAGE sql TO regress_user2; -- fail +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT USAGE ON LANGUAGE sql TO regress_priv_user2; -- fail CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; CREATE AGGREGATE testagg1(int) (sfunc = int4pl, stype = int4); CREATE PROCEDURE testproc1(int) AS 'select $1;' LANGUAGE sql; REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) FROM PUBLIC; -GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_user2; +GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_priv_user2; REVOKE ALL ON FUNCTION testproc1(int) FROM PUBLIC; -- fail, not a function REVOKE ALL ON PROCEDURE testproc1(int) FROM PUBLIC; -GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_user2; -GRANT USAGE ON FUNCTION testfunc1(int) TO regress_user3; -- semantic error -GRANT USAGE ON FUNCTION testagg1(int) TO regress_user3; -- semantic error -GRANT USAGE ON PROCEDURE testproc1(int) TO regress_user3; -- semantic error -GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_user4; -GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_user4; -GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_user4; -GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_user4; +GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_priv_user2; +GRANT USAGE ON FUNCTION testfunc1(int) TO regress_priv_user3; -- semantic error +GRANT USAGE ON FUNCTION testagg1(int) TO regress_priv_user3; -- semantic error +GRANT USAGE ON PROCEDURE testproc1(int) TO regress_priv_user3; -- semantic error +GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_priv_user4; +GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_priv_user4; +GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_priv_user4; +GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_priv_user4; CREATE FUNCTION testfunc4(boolean) RETURNS text AS 'select col1 from atest2 where col2 = $1;' LANGUAGE sql SECURITY DEFINER; -GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_user3; +GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_priv_user3; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT testfunc1(5), testfunc2(5); -- ok CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok CALL testproc1(6); -- ok -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; SELECT testfunc1(5); -- fail SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail CALL testproc1(6); -- fail SELECT col1 FROM atest2 WHERE col2 = true; -- fail SELECT testfunc4(true); -- ok -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT testfunc1(5); -- ok SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok CALL testproc1(6); -- ok @@ -496,7 +496,7 @@ BEGIN; SELECT '{1}'::int4[]::int8[]; REVOKE ALL ON FUNCTION int8(integer) FROM PUBLIC; SELECT '{1}'::int4[]::int8[]; --superuser, suceed -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT '{1}'::int4[]::int8[]; --other user, fail ROLLBACK; @@ -507,16 +507,16 @@ ROLLBACK; CREATE TYPE testtype1 AS (a int, b text); REVOKE USAGE ON TYPE testtype1 FROM PUBLIC; -GRANT USAGE ON TYPE testtype1 TO regress_user2; -GRANT USAGE ON TYPE _testtype1 TO regress_user2; -- fail -GRANT USAGE ON DOMAIN testtype1 TO regress_user2; -- fail +GRANT USAGE ON TYPE testtype1 TO regress_priv_user2; +GRANT USAGE ON TYPE _testtype1 TO regress_priv_user2; -- fail +GRANT USAGE ON DOMAIN testtype1 TO regress_priv_user2; -- fail CREATE DOMAIN testdomain1 AS int; REVOKE USAGE on DOMAIN testdomain1 FROM PUBLIC; -GRANT USAGE ON DOMAIN testdomain1 TO regress_user2; -GRANT USAGE ON TYPE testdomain1 TO regress_user2; -- ok +GRANT USAGE ON DOMAIN testdomain1 TO regress_priv_user2; +GRANT USAGE ON TYPE testdomain1 TO regress_priv_user2; -- ok -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; -- commands that should fail @@ -553,7 +553,7 @@ CREATE TABLE test11a AS (SELECT 1::testdomain1 AS a); REVOKE ALL ON TYPE testtype1 FROM PUBLIC; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; -- commands that should succeed @@ -610,7 +610,7 @@ DROP DOMAIN testdomain1; -- ok -- truncate -SET SESSION AUTHORIZATION regress_user5; +SET SESSION AUTHORIZATION regress_priv_user5; TRUNCATE atest2; -- ok TRUNCATE atest3; -- fail @@ -659,7 +659,7 @@ select has_table_privilege(t1.oid,'trigger') from (select oid from pg_class where relname = 'pg_authid') as t1; -- non-superuser -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; select has_table_privilege(current_user,'pg_class','select'); select has_table_privilege(current_user,'pg_class','insert'); @@ -718,56 +718,56 @@ from (select oid from pg_class where relname = 'atest1') as t1; -- Grant options -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; CREATE TABLE atest4 (a int); -GRANT SELECT ON atest4 TO regress_user2 WITH GRANT OPTION; -GRANT UPDATE ON atest4 TO regress_user2; -GRANT SELECT ON atest4 TO GROUP regress_group1 WITH GRANT OPTION; +GRANT SELECT ON atest4 TO regress_priv_user2 WITH GRANT OPTION; +GRANT UPDATE ON atest4 TO regress_priv_user2; +GRANT SELECT ON atest4 TO GROUP regress_priv_group1 WITH GRANT OPTION; -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; -GRANT SELECT ON atest4 TO regress_user3; -GRANT UPDATE ON atest4 TO regress_user3; -- fail +GRANT SELECT ON atest4 TO regress_priv_user3; +GRANT UPDATE ON atest4 TO regress_priv_user3; -- fail -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; -REVOKE SELECT ON atest4 FROM regress_user3; -- does nothing -SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- true -REVOKE SELECT ON atest4 FROM regress_user2; -- fail -REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_user2 CASCADE; -- ok -SELECT has_table_privilege('regress_user2', 'atest4', 'SELECT'); -- true -SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- false +REVOKE SELECT ON atest4 FROM regress_priv_user3; -- does nothing +SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- true +REVOKE SELECT ON atest4 FROM regress_priv_user2; -- fail +REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_priv_user2 CASCADE; -- ok +SELECT has_table_privilege('regress_priv_user2', 'atest4', 'SELECT'); -- true +SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- false -SELECT has_table_privilege('regress_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true +SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true -- Admin options -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS - 'GRANT regress_group2 TO regress_user5'; -GRANT regress_group2 TO regress_user5; -- ok: had ADMIN OPTION -SET ROLE regress_group2; -GRANT regress_group2 TO regress_user5; -- fails: SET ROLE suspended privilege + 'GRANT regress_priv_group2 TO regress_priv_user5'; +GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION +SET ROLE regress_priv_group2; +GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege -SET SESSION AUTHORIZATION regress_user1; -GRANT regress_group2 TO regress_user5; -- fails: no ADMIN OPTION +SET SESSION AUTHORIZATION regress_priv_user1; +GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION SELECT dogrant_ok(); -- ok: SECURITY DEFINER conveys ADMIN -SET ROLE regress_group2; -GRANT regress_group2 TO regress_user5; -- fails: SET ROLE did not help +SET ROLE regress_priv_group2; +GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help -SET SESSION AUTHORIZATION regress_group2; -GRANT regress_group2 TO regress_user5; -- ok: a role can self-admin +SET SESSION AUTHORIZATION regress_priv_group2; +GRANT regress_priv_group2 TO regress_priv_user5; -- ok: a role can self-admin CREATE FUNCTION dogrant_fails() RETURNS void LANGUAGE sql SECURITY DEFINER AS - 'GRANT regress_group2 TO regress_user5'; + 'GRANT regress_priv_group2 TO regress_priv_user5'; SELECT dogrant_fails(); -- fails: no self-admin in SECURITY DEFINER DROP FUNCTION dogrant_fails(); -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; DROP FUNCTION dogrant_ok(); -REVOKE regress_group2 FROM regress_user5; +REVOKE regress_priv_group2 FROM regress_priv_user5; -- has_sequence_privilege tests @@ -775,19 +775,19 @@ REVOKE regress_group2 FROM regress_user5; CREATE SEQUENCE x_seq; -GRANT USAGE on x_seq to regress_user2; +GRANT USAGE on x_seq to regress_priv_user2; -SELECT has_sequence_privilege('regress_user1', 'atest1', 'SELECT'); -SELECT has_sequence_privilege('regress_user1', 'x_seq', 'INSERT'); -SELECT has_sequence_privilege('regress_user1', 'x_seq', 'SELECT'); +SELECT has_sequence_privilege('regress_priv_user1', 'atest1', 'SELECT'); +SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'INSERT'); +SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'SELECT'); -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT has_sequence_privilege('x_seq', 'USAGE'); -- largeobject privilege tests \c - -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT lo_create(1001); SELECT lo_create(1002); @@ -796,17 +796,17 @@ SELECT lo_create(1004); SELECT lo_create(1005); GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC; -GRANT SELECT ON LARGE OBJECT 1003 TO regress_user2; -GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_user2; -GRANT ALL ON LARGE OBJECT 1005 TO regress_user2; -GRANT SELECT ON LARGE OBJECT 1005 TO regress_user2 WITH GRANT OPTION; +GRANT SELECT ON LARGE OBJECT 1003 TO regress_priv_user2; +GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_priv_user2; +GRANT ALL ON LARGE OBJECT 1005 TO regress_priv_user2; +GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user2 WITH GRANT OPTION; GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed \c - -SET SESSION AUTHORIZATION regress_user2; +SET SESSION AUTHORIZATION regress_priv_user2; SELECT lo_create(2001); SELECT lo_create(2002); @@ -824,10 +824,10 @@ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd'); -- to be denied SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd'); -GRANT SELECT ON LARGE OBJECT 1005 TO regress_user3; -GRANT UPDATE ON LARGE OBJECT 1006 TO regress_user3; -- to be denied +GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user3; +GRANT UPDATE ON LARGE OBJECT 1006 TO regress_priv_user3; -- to be denied REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC; -GRANT ALL ON LARGE OBJECT 2001 TO regress_user3; +GRANT ALL ON LARGE OBJECT 2001 TO regress_priv_user3; SELECT lo_unlink(1001); -- to be denied SELECT lo_unlink(2002); @@ -836,7 +836,7 @@ SELECT lo_unlink(2002); -- confirm ACL setting SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid; -SET SESSION AUTHORIZATION regress_user3; +SET SESSION AUTHORIZATION regress_priv_user3; SELECT loread(lo_open(1001, x'40000'::int), 32); SELECT loread(lo_open(1003, x'40000'::int), 32); -- to be denied @@ -848,7 +848,7 @@ SELECT lo_truncate(lo_open(2001, x'20000'::int), 10); -- compatibility mode in largeobject permission \c - SET lo_compat_privileges = false; -- default setting -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied @@ -861,7 +861,7 @@ SELECT lo_import('/dev/null', 2003); -- to be denied \c - SET lo_compat_privileges = true; -- compatibility mode -SET SESSION AUTHORIZATION regress_user4; +SET SESSION AUTHORIZATION regress_priv_user4; SELECT loread(lo_open(1002, x'40000'::int), 32); SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); @@ -873,87 +873,87 @@ SELECT lo_export(1001, '/dev/null'); -- to be denied \c - SELECT * FROM pg_largeobject LIMIT 0; -SET SESSION AUTHORIZATION regress_user1; +SET SESSION AUTHORIZATION regress_priv_user1; SELECT * FROM pg_largeobject LIMIT 0; -- to be denied -- test default ACLs \c - CREATE SCHEMA testns; -GRANT ALL ON SCHEMA testns TO regress_user1; +GRANT ALL ON SCHEMA testns TO regress_priv_user1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public; -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no -ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_user1; +ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_priv_user1; DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- yes -ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_user1; +ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_priv_user1; DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes -SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes +SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no -ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE EXECUTE ON FUNCTIONS FROM public; +ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public; -ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_user2; -- error +ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error -ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_user2; +ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_priv_user2; CREATE SCHEMA testns2; -SELECT has_schema_privilege('regress_user2', 'testns2', 'USAGE'); -- yes -SELECT has_schema_privilege('regress_user2', 'testns2', 'CREATE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'USAGE'); -- yes +SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'CREATE'); -- no -ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_user2; +ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_priv_user2; CREATE SCHEMA testns3; -SELECT has_schema_privilege('regress_user2', 'testns3', 'USAGE'); -- no -SELECT has_schema_privilege('regress_user2', 'testns3', 'CREATE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'USAGE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'CREATE'); -- no -ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_user2; +ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2; CREATE SCHEMA testns4; -SELECT has_schema_privilege('regress_user2', 'testns4', 'USAGE'); -- yes -SELECT has_schema_privilege('regress_user2', 'testns4', 'CREATE'); -- yes +SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'USAGE'); -- yes +SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes -ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_user2; +ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2; CREATE SCHEMA testns5; -SELECT has_schema_privilege('regress_user2', 'testns5', 'USAGE'); -- no -SELECT has_schema_privilege('regress_user2', 'testns5', 'CREATE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no +SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'CREATE'); -- no -SET ROLE regress_user1; +SET ROLE regress_priv_user1; CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql; CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4); CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql; -SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- no -SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- no -SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- no +SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- no +SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- no +SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- no ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON ROUTINES to public; @@ -964,26 +964,26 @@ CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4); DROP PROCEDURE testns.bar(); CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql; -SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- yes -SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes -SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here) +SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- yes +SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes +SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here) DROP FUNCTION testns.foo(); DROP AGGREGATE testns.agg1(int); DROP PROCEDURE testns.bar(); -ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE USAGE ON TYPES FROM public; +ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE USAGE ON TYPES FROM public; CREATE DOMAIN testns.testdomain1 AS int; -SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no +SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- no ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public; DROP DOMAIN testns.testdomain1; CREATE DOMAIN testns.testdomain1 AS int; -SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- yes +SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- yes DROP DOMAIN testns.testdomain1; @@ -1011,41 +1011,41 @@ CREATE SCHEMA testns; CREATE TABLE testns.t1 (f1 int); CREATE TABLE testns.t2 (f1 int); -SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false +SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false -GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_user1; +GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_priv_user1; -SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- true -SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- true +SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- true +SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- true -REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_user1; +REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_priv_user1; -SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false -SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false +SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false +SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- false CREATE FUNCTION testns.testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; CREATE AGGREGATE testns.testagg(int) (sfunc = int4pl, stype = int4); CREATE PROCEDURE testns.testproc(int) AS 'select 3' LANGUAGE sql; -SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default -SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default +SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default +SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC; -SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false -SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- false -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function +SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false +SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- false +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function REVOKE ALL ON ALL PROCEDURES IN SCHEMA testns FROM PUBLIC; -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false GRANT ALL ON ALL ROUTINES IN SCHEMA testns TO PUBLIC; -SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true -SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true -SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true +SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true +SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true +SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true \set VERBOSITY terse \\ -- suppress cascade details DROP SCHEMA testns CASCADE; @@ -1082,24 +1082,24 @@ DROP ROLE regress_schemauser_renamed; -- test that dependent privileges are revoked (or not) properly \c - -set session role regress_user1; +set session role regress_priv_user1; create table dep_priv_test (a int); -grant select on dep_priv_test to regress_user2 with grant option; -grant select on dep_priv_test to regress_user3 with grant option; -set session role regress_user2; -grant select on dep_priv_test to regress_user4 with grant option; -set session role regress_user3; -grant select on dep_priv_test to regress_user4 with grant option; -set session role regress_user4; -grant select on dep_priv_test to regress_user5; +grant select on dep_priv_test to regress_priv_user2 with grant option; +grant select on dep_priv_test to regress_priv_user3 with grant option; +set session role regress_priv_user2; +grant select on dep_priv_test to regress_priv_user4 with grant option; +set session role regress_priv_user3; +grant select on dep_priv_test to regress_priv_user4 with grant option; +set session role regress_priv_user4; +grant select on dep_priv_test to regress_priv_user5; \dp dep_priv_test -set session role regress_user2; -revoke select on dep_priv_test from regress_user4 cascade; +set session role regress_priv_user2; +revoke select on dep_priv_test from regress_priv_user4 cascade; \dp dep_priv_test -set session role regress_user3; -revoke select on dep_priv_test from regress_user4 cascade; +set session role regress_priv_user3; +revoke select on dep_priv_test from regress_priv_user4 cascade; \dp dep_priv_test -set session role regress_user1; +set session role regress_priv_user1; drop table dep_priv_test; @@ -1134,19 +1134,19 @@ DROP TABLE atestp2; SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid; -DROP GROUP regress_group1; -DROP GROUP regress_group2; +DROP GROUP regress_priv_group1; +DROP GROUP regress_priv_group2; -- these are needed to clean up permissions -REVOKE USAGE ON LANGUAGE sql FROM regress_user1; -DROP OWNED BY regress_user1; +REVOKE USAGE ON LANGUAGE sql FROM regress_priv_user1; +DROP OWNED BY regress_priv_user1; -DROP USER regress_user1; -DROP USER regress_user2; -DROP USER regress_user3; -DROP USER regress_user4; -DROP USER regress_user5; -DROP USER regress_user6; +DROP USER regress_priv_user1; +DROP USER regress_priv_user2; +DROP USER regress_priv_user3; +DROP USER regress_priv_user4; +DROP USER regress_priv_user5; +DROP USER regress_priv_user6; -- permissions with LOCK TABLE diff --git a/src/test/regress/sql/rolenames.sql b/src/test/regress/sql/rolenames.sql index 4c5706bbaa..5fe8bc8bca 100644 --- a/src/test/regress/sql/rolenames.sql +++ b/src/test/regress/sql/rolenames.sql @@ -385,7 +385,7 @@ GRANT regress_testrol0 TO pg_signal_backend; -- success SET ROLE pg_signal_backend; --success RESET ROLE; -CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success +CREATE SCHEMA test_roles_schema AUTHORIZATION pg_signal_backend; --success SET ROLE regress_testrol2; UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_'; @@ -441,7 +441,7 @@ SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_'; -- clean up \c -DROP SCHEMA test_schema; +DROP SCHEMA test_roles_schema; DROP OWNED BY regress_testrol0, "Public", "current_user", regress_testrol1, regress_testrol2, regress_testrolx CASCADE; DROP ROLE regress_testrol0, regress_testrol1, regress_testrol2, regress_testrolx; DROP ROLE "Public", "None", "current_user", "session_user", "user";