-- -- Test access privileges -- -- Clean up in case a prior regression run failed -- Suppress NOTICE messages when users/groups don't exist SET client_min_messages TO 'warning'; DROP ROLE IF EXISTS regressgroup1; DROP ROLE IF EXISTS regressgroup2; DROP ROLE IF EXISTS regressuser1; DROP ROLE IF EXISTS regressuser2; DROP ROLE IF EXISTS regressuser3; DROP ROLE IF EXISTS regressuser4; DROP ROLE IF EXISTS regressuser5; DROP ROLE IF EXISTS regressuser6; SELECT lo_unlink(oid) FROM pg_largeobject_metadata; lo_unlink ----------- (0 rows) RESET client_min_messages; -- test proper begins here CREATE USER regressuser1; CREATE USER regressuser2; CREATE USER regressuser3; CREATE USER regressuser4; CREATE USER regressuser5; CREATE USER regressuser5; -- duplicate ERROR: role "regressuser5" already exists CREATE GROUP regressgroup1; CREATE GROUP regressgroup2 WITH USER regressuser1, regressuser2; ALTER GROUP regressgroup1 ADD USER regressuser4; ALTER GROUP regressgroup2 ADD USER regressuser2; -- duplicate NOTICE: role "regressuser2" is already a member of role "regressgroup2" ALTER GROUP regressgroup2 DROP USER regressuser2; ALTER GROUP regressgroup2 ADD USER regressuser4; -- test owner privileges SET SESSION AUTHORIZATION regressuser1; SELECT session_user, current_user; session_user | current_user --------------+-------------- regressuser1 | regressuser1 (1 row) CREATE TABLE atest1 ( a int, b text ); SELECT * FROM atest1; a | b ---+--- (0 rows) INSERT INTO atest1 VALUES (1, 'one'); DELETE FROM atest1; UPDATE atest1 SET a = 1 WHERE b = 'blech'; TRUNCATE atest1; BEGIN; LOCK atest1 IN ACCESS EXCLUSIVE MODE; COMMIT; REVOKE ALL ON atest1 FROM PUBLIC; SELECT * FROM atest1; a | b ---+--- (0 rows) GRANT ALL ON atest1 TO regressuser2; GRANT SELECT ON atest1 TO regressuser3, regressuser4; SELECT * FROM atest1; a | b ---+--- (0 rows) CREATE TABLE atest2 (col1 varchar(10), col2 boolean); GRANT SELECT ON atest2 TO regressuser2; GRANT UPDATE ON atest2 TO regressuser3; GRANT INSERT ON atest2 TO regressuser4; GRANT TRUNCATE ON atest2 TO regressuser5; SET SESSION AUTHORIZATION regressuser2; SELECT session_user, current_user; session_user | current_user --------------+-------------- regressuser2 | regressuser2 (1 row) -- try various combinations of queries on atest1 and atest2 SELECT * FROM atest1; -- ok a | b ---+--- (0 rows) SELECT * FROM atest2; -- ok col1 | col2 ------+------ (0 rows) INSERT INTO atest1 VALUES (2, 'two'); -- ok INSERT INTO atest2 VALUES ('foo', true); -- fail ERROR: permission denied for relation atest2 INSERT INTO atest1 SELECT 1, b FROM atest1; -- ok UPDATE atest1 SET a = 1 WHERE a = 2; -- ok UPDATE atest2 SET col2 = NOT col2; -- fail ERROR: permission denied for relation atest2 SELECT * FROM atest1 FOR UPDATE; -- ok a | b ---+----- 1 | two 1 | two (2 rows) SELECT * FROM atest2 FOR UPDATE; -- fail ERROR: permission denied for relation atest2 DELETE FROM atest2; -- fail ERROR: permission denied for relation atest2 TRUNCATE atest2; -- fail ERROR: permission denied for relation atest2 BEGIN; LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- fail ERROR: permission denied for relation atest2 COMMIT; COPY atest2 FROM stdin; -- fail ERROR: permission denied for relation atest2 GRANT ALL ON atest1 TO PUBLIC; -- fail WARNING: no privileges were granted for "atest1" -- checks in subquery, both ok SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) ); a | b ---+--- (0 rows) SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) ); col1 | col2 ------+------ (0 rows) SET SESSION AUTHORIZATION regressuser3; SELECT session_user, current_user; session_user | current_user --------------+-------------- regressuser3 | regressuser3 (1 row) SELECT * FROM atest1; -- ok a | b ---+----- 1 | two 1 | two (2 rows) SELECT * FROM atest2; -- fail ERROR: permission denied for relation atest2 INSERT INTO atest1 VALUES (2, 'two'); -- fail ERROR: permission denied for relation atest1 INSERT INTO atest2 VALUES ('foo', true); -- fail ERROR: permission denied for relation atest2 INSERT INTO atest1 SELECT 1, b FROM atest1; -- fail ERROR: permission denied for relation atest1 UPDATE atest1 SET a = 1 WHERE a = 2; -- fail ERROR: permission denied for relation atest1 UPDATE atest2 SET col2 = NULL; -- ok UPDATE atest2 SET col2 = NOT col2; -- fails; requires SELECT on atest2 ERROR: permission denied for relation atest2 UPDATE atest2 SET col2 = true FROM atest1 WHERE atest1.a = 5; -- ok SELECT * FROM atest1 FOR UPDATE; -- fail ERROR: permission denied for relation atest1 SELECT * FROM atest2 FOR UPDATE; -- fail ERROR: permission denied for relation atest2 DELETE FROM atest2; -- fail ERROR: permission denied for relation atest2 TRUNCATE atest2; -- fail ERROR: permission denied for relation atest2 BEGIN; LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- ok COMMIT; COPY atest2 FROM stdin; -- fail ERROR: permission denied for relation atest2 -- checks in subquery, both fail SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) ); ERROR: permission denied for relation atest2 SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) ); ERROR: permission denied for relation atest2 SET SESSION AUTHORIZATION regressuser4; COPY atest2 FROM stdin; -- ok SELECT * FROM atest1; -- ok a | b ---+----- 1 | two 1 | two (2 rows) -- groups SET SESSION AUTHORIZATION regressuser3; CREATE TABLE atest3 (one int, two int, three int); GRANT DELETE ON atest3 TO GROUP regressgroup2; SET SESSION AUTHORIZATION regressuser1; SELECT * FROM atest3; -- fail ERROR: permission denied for relation atest3 DELETE FROM atest3; -- ok -- views SET SESSION AUTHORIZATION regressuser3; CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok /* The next *should* fail, but it's not implemented that way yet. */ CREATE VIEW atestv2 AS SELECT * FROM atest2; CREATE VIEW atestv3 AS SELECT * FROM atest3; -- ok SELECT * FROM atestv1; -- ok a | b ---+----- 1 | two 1 | two (2 rows) SELECT * FROM atestv2; -- fail ERROR: permission denied for relation atest2 GRANT SELECT ON atestv1, atestv3 TO regressuser4; GRANT SELECT ON atestv2 TO regressuser2; SET SESSION AUTHORIZATION regressuser4; SELECT * FROM atestv1; -- ok a | b ---+----- 1 | two 1 | two (2 rows) SELECT * FROM atestv2; -- fail ERROR: permission denied for relation atestv2 SELECT * FROM atestv3; -- ok one | two | three -----+-----+------- (0 rows) CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view SELECT * FROM atestv4; -- ok one | two | three -----+-----+------- (0 rows) GRANT SELECT ON atestv4 TO regressuser2; SET SESSION AUTHORIZATION regressuser2; -- Two complex cases: SELECT * FROM atestv3; -- fail ERROR: permission denied for relation atestv3 SELECT * FROM atestv4; -- ok (even though regressuser2 cannot access underlying atestv3) one | two | three -----+-----+------- (0 rows) SELECT * FROM atest2; -- ok col1 | col2 ------+------ bar | t (1 row) SELECT * FROM atestv2; -- fail (even though regressuser2 can access underlying atest2) ERROR: permission denied for relation atest2 -- Test column level permissions SET SESSION AUTHORIZATION regressuser1; CREATE TABLE atest5 (one int, two int, three int); CREATE TABLE atest6 (one int, two int, blue int); GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regressuser4; GRANT ALL (one) ON atest5 TO regressuser3; INSERT INTO atest5 VALUES (1,2,3); SET SESSION AUTHORIZATION regressuser4; SELECT * FROM atest5; -- fail ERROR: permission denied for relation atest5 SELECT one FROM atest5; -- ok one ----- 1 (1 row) COPY atest5 (one) TO stdout; -- ok 1 SELECT two FROM atest5; -- fail ERROR: permission denied for relation atest5 COPY atest5 (two) TO stdout; -- fail ERROR: permission denied for relation atest5 SELECT atest5 FROM atest5; -- fail ERROR: permission denied for relation atest5 COPY atest5 (one,two) TO stdout; -- fail ERROR: permission denied for relation atest5 SELECT 1 FROM atest5; -- ok ?column? ---------- 1 (1 row) SELECT 1 FROM atest5 a JOIN atest5 b USING (one); -- ok ?column? ---------- 1 (1 row) SELECT 1 FROM atest5 a JOIN atest5 b USING (two); -- fail ERROR: permission denied for relation atest5 SELECT 1 FROM atest5 a NATURAL JOIN atest5 b; -- fail ERROR: permission denied for relation atest5 SELECT (j.*) IS NULL FROM (atest5 a JOIN atest5 b USING (one)) j; -- fail ERROR: permission denied for relation atest5 SELECT 1 FROM atest5 WHERE two = 2; -- fail ERROR: permission denied for relation atest5 SELECT * FROM atest1, atest5; -- fail ERROR: permission denied for relation atest5 SELECT atest1.* FROM atest1, atest5; -- ok a | b ---+----- 1 | two 1 | two (2 rows) SELECT atest1.*,atest5.one FROM atest1, atest5; -- ok a | b | one ---+-----+----- 1 | two | 1 1 | two | 1 (2 rows) SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.two); -- fail ERROR: permission denied for relation atest5 SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok a | b | one ---+-----+----- 1 | two | 1 1 | two | 1 (2 rows) SELECT one, two FROM atest5; -- fail ERROR: permission denied for relation atest5 SET SESSION AUTHORIZATION regressuser1; GRANT SELECT (one,two) ON atest6 TO regressuser4; SET SESSION AUTHORIZATION regressuser4; SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still ERROR: permission denied for relation atest5 SET SESSION AUTHORIZATION regressuser1; GRANT SELECT (two) ON atest5 TO regressuser4; SET SESSION AUTHORIZATION regressuser4; SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now one | two -----+----- (0 rows) -- test column-level privileges for INSERT and UPDATE INSERT INTO atest5 (two) VALUES (3); -- ok COPY atest5 FROM stdin; -- fail ERROR: permission denied for relation atest5 COPY atest5 (two) FROM stdin; -- ok INSERT INTO atest5 (three) VALUES (4); -- fail ERROR: permission denied for relation atest5 INSERT INTO atest5 VALUES (5,5,5); -- fail ERROR: permission denied for relation atest5 UPDATE atest5 SET three = 10; -- ok UPDATE atest5 SET one = 8; -- fail ERROR: permission denied for relation atest5 UPDATE atest5 SET three = 5, one = 2; -- fail ERROR: permission denied for relation atest5 SET SESSION AUTHORIZATION regressuser1; REVOKE ALL (one) ON atest5 FROM regressuser4; GRANT SELECT (one,two,blue) ON atest6 TO regressuser4; SET SESSION AUTHORIZATION regressuser4; SELECT one FROM atest5; -- fail ERROR: permission denied for relation atest5 UPDATE atest5 SET one = 1; -- fail ERROR: permission denied for relation atest5 SELECT atest6 FROM atest6; -- ok atest6 -------- (0 rows) COPY atest6 TO stdout; -- ok -- test column-level privileges when involved with DELETE SET SESSION AUTHORIZATION regressuser1; ALTER TABLE atest6 ADD COLUMN three integer; GRANT DELETE ON atest5 TO regressuser3; GRANT SELECT (two) ON atest5 TO regressuser3; REVOKE ALL (one) ON atest5 FROM regressuser3; GRANT SELECT (one) ON atest5 TO regressuser4; SET SESSION AUTHORIZATION regressuser4; SELECT atest6 FROM atest6; -- fail ERROR: permission denied for relation atest6 SELECT one FROM atest5 NATURAL JOIN atest6; -- fail ERROR: permission denied for relation atest5 SET SESSION AUTHORIZATION regressuser1; ALTER TABLE atest6 DROP COLUMN three; SET SESSION AUTHORIZATION regressuser4; SELECT atest6 FROM atest6; -- ok atest6 -------- (0 rows) SELECT one FROM atest5 NATURAL JOIN atest6; -- ok one ----- (0 rows) SET SESSION AUTHORIZATION regressuser1; ALTER TABLE atest6 DROP COLUMN two; REVOKE SELECT (one,blue) ON atest6 FROM regressuser4; SET SESSION AUTHORIZATION regressuser4; SELECT * FROM atest6; -- fail ERROR: permission denied for relation atest6 SELECT 1 FROM atest6; -- fail ERROR: permission denied for relation atest6 SET SESSION AUTHORIZATION regressuser3; DELETE FROM atest5 WHERE one = 1; -- fail ERROR: permission denied for relation atest5 DELETE FROM atest5 WHERE two = 2; -- ok -- check inheritance cases SET SESSION AUTHORIZATION regressuser1; CREATE TABLE atestp1 (f1 int, f2 int) WITH OIDS; CREATE TABLE atestp2 (fx int, fy int) WITH OIDS; CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2); GRANT SELECT(fx,fy,oid) ON atestp2 TO regressuser2; GRANT SELECT(fx) ON atestc TO regressuser2; SET SESSION AUTHORIZATION regressuser2; SELECT fx FROM atestp2; -- ok fx ---- (0 rows) SELECT fy FROM atestp2; -- ok fy ---- (0 rows) SELECT atestp2 FROM atestp2; -- ok atestp2 --------- (0 rows) SELECT oid FROM atestp2; -- ok oid ----- (0 rows) SELECT fy FROM atestc; -- fail ERROR: permission denied for relation atestc SET SESSION AUTHORIZATION regressuser1; GRANT SELECT(fy,oid) ON atestc TO regressuser2; SET SESSION AUTHORIZATION regressuser2; SELECT fx FROM atestp2; -- still ok fx ---- (0 rows) SELECT fy FROM atestp2; -- ok fy ---- (0 rows) SELECT atestp2 FROM atestp2; -- ok atestp2 --------- (0 rows) SELECT oid FROM atestp2; -- ok oid ----- (0 rows) -- privileges on functions, languages -- switch to superuser \c - REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC; GRANT USAGE ON LANGUAGE sql TO regressuser1; -- ok GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail ERROR: language "c" is not trusted HINT: Only superusers can use untrusted languages. SET SESSION AUTHORIZATION regressuser1; GRANT USAGE ON LANGUAGE sql TO regressuser2; -- fail WARNING: no privileges were granted for "sql" CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int) FROM PUBLIC; GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int) TO regressuser2; GRANT USAGE ON FUNCTION testfunc1(int) TO regressuser3; -- semantic error ERROR: invalid privilege type USAGE for function GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regressuser4; GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regressuser4; ERROR: function testfunc_nosuch(integer) does not exist CREATE FUNCTION testfunc4(boolean) RETURNS text AS 'select col1 from atest2 where col2 = $1;' LANGUAGE sql SECURITY DEFINER; GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regressuser3; SET SESSION AUTHORIZATION regressuser2; SELECT testfunc1(5), testfunc2(5); -- ok testfunc1 | testfunc2 -----------+----------- 10 | 15 (1 row) CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail ERROR: permission denied for language sql SET SESSION AUTHORIZATION regressuser3; SELECT testfunc1(5); -- fail ERROR: permission denied for function testfunc1 SELECT col1 FROM atest2 WHERE col2 = true; -- fail ERROR: permission denied for relation atest2 SELECT testfunc4(true); -- ok testfunc4 ----------- bar (1 row) SET SESSION AUTHORIZATION regressuser4; SELECT testfunc1(5); -- ok testfunc1 ----------- 10 (1 row) DROP FUNCTION testfunc1(int); -- fail ERROR: must be owner of function testfunc1 \c - DROP FUNCTION testfunc1(int); -- ok -- restore to sanity GRANT ALL PRIVILEGES ON LANGUAGE sql TO PUBLIC; -- privileges on types -- switch to superuser \c - CREATE TYPE testtype1 AS (a int, b text); REVOKE USAGE ON TYPE testtype1 FROM PUBLIC; GRANT USAGE ON TYPE testtype1 TO regressuser2; GRANT USAGE ON TYPE _testtype1 TO regressuser2; -- fail ERROR: cannot set privileges of array types HINT: Set the privileges of the element type instead. GRANT USAGE ON DOMAIN testtype1 TO regressuser2; -- fail ERROR: "testtype1" is not a domain CREATE DOMAIN testdomain1 AS int; REVOKE USAGE on DOMAIN testdomain1 FROM PUBLIC; GRANT USAGE ON DOMAIN testdomain1 TO regressuser2; GRANT USAGE ON TYPE testdomain1 TO regressuser2; -- ok SET SESSION AUTHORIZATION regressuser1; -- commands that should fail CREATE AGGREGATE testagg1a(testdomain1) (sfunc = int4_sum, stype = bigint); ERROR: permission denied for type testdomain1 CREATE DOMAIN testdomain2a AS testdomain1; ERROR: permission denied for type testdomain1 CREATE DOMAIN testdomain3a AS int; CREATE FUNCTION castfunc(int) RETURNS testdomain3a AS $$ SELECT $1::testdomain3a $$ LANGUAGE SQL; CREATE CAST (testdomain1 AS testdomain3a) WITH FUNCTION castfunc(int); ERROR: permission denied for type testdomain1 DROP FUNCTION castfunc(int) CASCADE; DROP DOMAIN testdomain3a; CREATE FUNCTION testfunc5a(a testdomain1) RETURNS int LANGUAGE SQL AS $$ SELECT $1 $$; ERROR: permission denied for type testdomain1 CREATE FUNCTION testfunc6a(b int) RETURNS testdomain1 LANGUAGE SQL AS $$ SELECT $1::testdomain1 $$; ERROR: permission denied for type testdomain1 CREATE OPERATOR !+! (PROCEDURE = int4pl, LEFTARG = testdomain1, RIGHTARG = testdomain1); ERROR: permission denied for type testdomain1 CREATE TABLE test5a (a int, b testdomain1); ERROR: permission denied for type testdomain1 CREATE TABLE test6a OF testtype1; ERROR: permission denied for type testtype1 CREATE TABLE test10a (a int[], b testtype1[]); ERROR: permission denied for type testtype1 CREATE TABLE test9a (a int, b int); ALTER TABLE test9a ADD COLUMN c testdomain1; ERROR: permission denied for type testdomain1 ALTER TABLE test9a ALTER COLUMN b TYPE testdomain1; ERROR: permission denied for type testdomain1 CREATE TYPE test7a AS (a int, b testdomain1); ERROR: permission denied for type testdomain1 CREATE TYPE test8a AS (a int, b int); ALTER TYPE test8a ADD ATTRIBUTE c testdomain1; ERROR: permission denied for type testdomain1 ALTER TYPE test8a ALTER ATTRIBUTE b TYPE testdomain1; ERROR: permission denied for type testdomain1 CREATE TABLE test11a AS (SELECT 1::testdomain1 AS a); ERROR: permission denied for type testdomain1 REVOKE ALL ON TYPE testtype1 FROM PUBLIC; ERROR: permission denied for type testtype1 SET SESSION AUTHORIZATION regressuser2; -- commands that should succeed CREATE AGGREGATE testagg1b(testdomain1) (sfunc = int4_sum, stype = bigint); CREATE DOMAIN testdomain2b AS testdomain1; CREATE DOMAIN testdomain3b AS int; CREATE FUNCTION castfunc(int) RETURNS testdomain3b AS $$ SELECT $1::testdomain3b $$ LANGUAGE SQL; CREATE CAST (testdomain1 AS testdomain3b) WITH FUNCTION castfunc(int); WARNING: cast will be ignored because the source data type is a domain CREATE FUNCTION testfunc5b(a testdomain1) RETURNS int LANGUAGE SQL AS $$ SELECT $1 $$; CREATE FUNCTION testfunc6b(b int) RETURNS testdomain1 LANGUAGE SQL AS $$ SELECT $1::testdomain1 $$; CREATE OPERATOR !! (PROCEDURE = testfunc5b, RIGHTARG = testdomain1); CREATE TABLE test5b (a int, b testdomain1); CREATE TABLE test6b OF testtype1; CREATE TABLE test10b (a int[], b testtype1[]); CREATE TABLE test9b (a int, b int); ALTER TABLE test9b ADD COLUMN c testdomain1; ALTER TABLE test9b ALTER COLUMN b TYPE testdomain1; CREATE TYPE test7b AS (a int, b testdomain1); CREATE TYPE test8b AS (a int, b int); ALTER TYPE test8b ADD ATTRIBUTE c testdomain1; ALTER TYPE test8b ALTER ATTRIBUTE b TYPE testdomain1; CREATE TABLE test11b AS (SELECT 1::testdomain1 AS a); REVOKE ALL ON TYPE testtype1 FROM PUBLIC; WARNING: no privileges could be revoked for "testtype1" \c - DROP AGGREGATE testagg1b(testdomain1); DROP DOMAIN testdomain2b; DROP OPERATOR !! (NONE, testdomain1); DROP FUNCTION testfunc5b(a testdomain1); DROP FUNCTION testfunc6b(b int); DROP TABLE test5b; DROP TABLE test6b; DROP TABLE test9b; DROP TABLE test10b; DROP TYPE test7b; DROP TYPE test8b; DROP CAST (testdomain1 AS testdomain3b); DROP FUNCTION castfunc(int) CASCADE; DROP DOMAIN testdomain3b; DROP TABLE test11b; DROP TYPE testtype1; -- ok DROP DOMAIN testdomain1; -- ok -- truncate SET SESSION AUTHORIZATION regressuser5; TRUNCATE atest2; -- ok TRUNCATE atest3; -- fail ERROR: permission denied for relation atest3 -- has_table_privilege function -- bad-input checks select has_table_privilege(NULL,'pg_authid','select'); has_table_privilege --------------------- (1 row) select has_table_privilege('pg_shad','select'); ERROR: relation "pg_shad" does not exist select has_table_privilege('nosuchuser','pg_authid','select'); ERROR: role "nosuchuser" does not exist select has_table_privilege('pg_authid','sel'); ERROR: unrecognized privilege type: "sel" select has_table_privilege(-999999,'pg_authid','update'); ERROR: role with OID 4293967297 does not exist select has_table_privilege(1,'select'); has_table_privilege --------------------- (1 row) -- superuser \c - select has_table_privilege(current_user,'pg_authid','select'); has_table_privilege --------------------- t (1 row) select has_table_privilege(current_user,'pg_authid','insert'); has_table_privilege --------------------- t (1 row) select has_table_privilege(t2.oid,'pg_authid','update') from (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- t (1 row) select has_table_privilege(t2.oid,'pg_authid','delete') from (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- t (1 row) -- 'rule' privilege no longer exists, but for backwards compatibility -- has_table_privilege still recognizes the keyword and says FALSE select has_table_privilege(current_user,t1.oid,'rule') from (select oid from pg_class where relname = 'pg_authid') as t1; has_table_privilege --------------------- f (1 row) select has_table_privilege(current_user,t1.oid,'references') from (select oid from pg_class where relname = 'pg_authid') as t1; has_table_privilege --------------------- t (1 row) select has_table_privilege(t2.oid,t1.oid,'select') from (select oid from pg_class where relname = 'pg_authid') as t1, (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- t (1 row) select has_table_privilege(t2.oid,t1.oid,'insert') from (select oid from pg_class where relname = 'pg_authid') as t1, (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- t (1 row) select has_table_privilege('pg_authid','update'); has_table_privilege --------------------- t (1 row) select has_table_privilege('pg_authid','delete'); has_table_privilege --------------------- t (1 row) select has_table_privilege('pg_authid','truncate'); has_table_privilege --------------------- t (1 row) select has_table_privilege(t1.oid,'select') from (select oid from pg_class where relname = 'pg_authid') as t1; has_table_privilege --------------------- t (1 row) select has_table_privilege(t1.oid,'trigger') from (select oid from pg_class where relname = 'pg_authid') as t1; has_table_privilege --------------------- t (1 row) -- non-superuser SET SESSION AUTHORIZATION regressuser3; select has_table_privilege(current_user,'pg_class','select'); has_table_privilege --------------------- t (1 row) select has_table_privilege(current_user,'pg_class','insert'); has_table_privilege --------------------- f (1 row) select has_table_privilege(t2.oid,'pg_class','update') from (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- f (1 row) select has_table_privilege(t2.oid,'pg_class','delete') from (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- f (1 row) select has_table_privilege(current_user,t1.oid,'references') from (select oid from pg_class where relname = 'pg_class') as t1; has_table_privilege --------------------- f (1 row) select has_table_privilege(t2.oid,t1.oid,'select') from (select oid from pg_class where relname = 'pg_class') as t1, (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- t (1 row) select has_table_privilege(t2.oid,t1.oid,'insert') from (select oid from pg_class where relname = 'pg_class') as t1, (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- f (1 row) select has_table_privilege('pg_class','update'); has_table_privilege --------------------- f (1 row) select has_table_privilege('pg_class','delete'); has_table_privilege --------------------- f (1 row) select has_table_privilege('pg_class','truncate'); has_table_privilege --------------------- f (1 row) select has_table_privilege(t1.oid,'select') from (select oid from pg_class where relname = 'pg_class') as t1; has_table_privilege --------------------- t (1 row) select has_table_privilege(t1.oid,'trigger') from (select oid from pg_class where relname = 'pg_class') as t1; has_table_privilege --------------------- f (1 row) select has_table_privilege(current_user,'atest1','select'); has_table_privilege --------------------- t (1 row) select has_table_privilege(current_user,'atest1','insert'); has_table_privilege --------------------- f (1 row) select has_table_privilege(t2.oid,'atest1','update') from (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- f (1 row) select has_table_privilege(t2.oid,'atest1','delete') from (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- f (1 row) select has_table_privilege(current_user,t1.oid,'references') from (select oid from pg_class where relname = 'atest1') as t1; has_table_privilege --------------------- f (1 row) select has_table_privilege(t2.oid,t1.oid,'select') from (select oid from pg_class where relname = 'atest1') as t1, (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- t (1 row) select has_table_privilege(t2.oid,t1.oid,'insert') from (select oid from pg_class where relname = 'atest1') as t1, (select oid from pg_roles where rolname = current_user) as t2; has_table_privilege --------------------- f (1 row) select has_table_privilege('atest1','update'); has_table_privilege --------------------- f (1 row) select has_table_privilege('atest1','delete'); has_table_privilege --------------------- f (1 row) select has_table_privilege('atest1','truncate'); has_table_privilege --------------------- f (1 row) select has_table_privilege(t1.oid,'select') from (select oid from pg_class where relname = 'atest1') as t1; has_table_privilege --------------------- t (1 row) select has_table_privilege(t1.oid,'trigger') from (select oid from pg_class where relname = 'atest1') as t1; has_table_privilege --------------------- f (1 row) -- Grant options SET SESSION AUTHORIZATION regressuser1; CREATE TABLE atest4 (a int); GRANT SELECT ON atest4 TO regressuser2 WITH GRANT OPTION; GRANT UPDATE ON atest4 TO regressuser2; GRANT SELECT ON atest4 TO GROUP regressgroup1 WITH GRANT OPTION; SET SESSION AUTHORIZATION regressuser2; GRANT SELECT ON atest4 TO regressuser3; GRANT UPDATE ON atest4 TO regressuser3; -- fail WARNING: no privileges were granted for "atest4" SET SESSION AUTHORIZATION regressuser1; REVOKE SELECT ON atest4 FROM regressuser3; -- does nothing SELECT has_table_privilege('regressuser3', 'atest4', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) REVOKE SELECT ON atest4 FROM regressuser2; -- fail ERROR: dependent privileges exist HINT: Use CASCADE to revoke them too. REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regressuser2 CASCADE; -- ok SELECT has_table_privilege('regressuser2', 'atest4', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) SELECT has_table_privilege('regressuser3', 'atest4', 'SELECT'); -- false has_table_privilege --------------------- f (1 row) SELECT has_table_privilege('regressuser1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true has_table_privilege --------------------- t (1 row) -- has_sequence_privilege tests \c - CREATE SEQUENCE x_seq; GRANT USAGE on x_seq to regressuser2; SELECT has_sequence_privilege('regressuser1', 'atest1', 'SELECT'); ERROR: "atest1" is not a sequence SELECT has_sequence_privilege('regressuser1', 'x_seq', 'INSERT'); ERROR: unrecognized privilege type: "INSERT" SELECT has_sequence_privilege('regressuser1', 'x_seq', 'SELECT'); has_sequence_privilege ------------------------ f (1 row) SET SESSION AUTHORIZATION regressuser2; SELECT has_sequence_privilege('x_seq', 'USAGE'); has_sequence_privilege ------------------------ t (1 row) -- largeobject privilege tests \c - SET SESSION AUTHORIZATION regressuser1; SELECT lo_create(1001); lo_create ----------- 1001 (1 row) SELECT lo_create(1002); lo_create ----------- 1002 (1 row) SELECT lo_create(1003); lo_create ----------- 1003 (1 row) SELECT lo_create(1004); lo_create ----------- 1004 (1 row) SELECT lo_create(1005); lo_create ----------- 1005 (1 row) GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC; GRANT SELECT ON LARGE OBJECT 1003 TO regressuser2; GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regressuser2; GRANT ALL ON LARGE OBJECT 1005 TO regressuser2; GRANT SELECT ON LARGE OBJECT 1005 TO regressuser2 WITH GRANT OPTION; GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed ERROR: invalid privilege type INSERT for large object GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed ERROR: role "nosuchuser" does not exist GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed ERROR: large object 999 does not exist \c - SET SESSION AUTHORIZATION regressuser2; SELECT lo_create(2001); lo_create ----------- 2001 (1 row) SELECT lo_create(2002); lo_create ----------- 2002 (1 row) SELECT loread(lo_open(1001, x'40000'::int), 32); loread -------- \x (1 row) SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied ERROR: permission denied for large object 1002 SELECT loread(lo_open(1003, x'40000'::int), 32); loread -------- \x (1 row) SELECT loread(lo_open(1004, x'40000'::int), 32); loread -------- \x (1 row) SELECT lowrite(lo_open(1001, x'20000'::int), 'abcd'); lowrite --------- 4 (1 row) SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied ERROR: permission denied for large object 1002 SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd'); -- to be denied ERROR: permission denied for large object 1003 SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd'); lowrite --------- 4 (1 row) GRANT SELECT ON LARGE OBJECT 1005 TO regressuser3; GRANT UPDATE ON LARGE OBJECT 1006 TO regressuser3; -- to be denied ERROR: large object 1006 does not exist REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC; GRANT ALL ON LARGE OBJECT 2001 TO regressuser3; SELECT lo_unlink(1001); -- to be denied ERROR: must be owner of large object 1001 SELECT lo_unlink(2002); lo_unlink ----------- 1 (1 row) \c - -- confirm ACL setting SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata; oid | ownername | lomacl ------+--------------+------------------------------------------------------------------------------------------ 1002 | regressuser1 | 1001 | regressuser1 | {regressuser1=rw/regressuser1,=rw/regressuser1} 1003 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=r/regressuser1} 1004 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=rw/regressuser1} 1005 | regressuser1 | {regressuser1=rw/regressuser1,regressuser2=r*w/regressuser1,regressuser3=r/regressuser2} 2001 | regressuser2 | {regressuser2=rw/regressuser2,regressuser3=rw/regressuser2} (6 rows) SET SESSION AUTHORIZATION regressuser3; SELECT loread(lo_open(1001, x'40000'::int), 32); loread ------------ \x61626364 (1 row) SELECT loread(lo_open(1003, x'40000'::int), 32); -- to be denied ERROR: permission denied for large object 1003 SELECT loread(lo_open(1005, x'40000'::int), 32); loread -------- \x (1 row) SELECT lo_truncate(lo_open(1005, x'20000'::int), 10); -- to be denied ERROR: permission denied for large object 1005 SELECT lo_truncate(lo_open(2001, x'20000'::int), 10); lo_truncate ------------- 0 (1 row) -- compatibility mode in largeobject permission \c - SET lo_compat_privileges = false; -- default setting SET SESSION AUTHORIZATION regressuser4; SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied ERROR: permission denied for large object 1002 SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied ERROR: permission denied for large object 1002 SELECT lo_truncate(lo_open(1002, x'20000'::int), 10); -- to be denied ERROR: permission denied for large object 1002 SELECT lo_unlink(1002); -- to be denied ERROR: must be owner of large object 1002 SELECT lo_export(1001, '/dev/null'); -- to be denied ERROR: must be superuser to use server-side lo_export() HINT: Anyone can use the client-side lo_export() provided by libpq. \c - SET lo_compat_privileges = true; -- compatibility mode SET SESSION AUTHORIZATION regressuser4; SELECT loread(lo_open(1002, x'40000'::int), 32); loread -------- \x (1 row) SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); lowrite --------- 4 (1 row) SELECT lo_truncate(lo_open(1002, x'20000'::int), 10); lo_truncate ------------- 0 (1 row) SELECT lo_unlink(1002); lo_unlink ----------- 1 (1 row) SELECT lo_export(1001, '/dev/null'); -- to be denied ERROR: must be superuser to use server-side lo_export() HINT: Anyone can use the client-side lo_export() provided by libpq. -- don't allow unpriv users to access pg_largeobject contents \c - SELECT * FROM pg_largeobject LIMIT 0; loid | pageno | data ------+--------+------ (0 rows) SET SESSION AUTHORIZATION regressuser1; SELECT * FROM pg_largeobject LIMIT 0; -- to be denied ERROR: permission denied for relation pg_largeobject -- test default ACLs \c - CREATE SCHEMA testns; GRANT ALL ON SCHEMA testns TO regressuser1; CREATE TABLE testns.acltest1 (x int); SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no has_table_privilege --------------------- f (1 row) SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f (1 row) ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public; SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- no has_table_privilege --------------------- f (1 row) SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f (1 row) DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes has_table_privilege --------------------- t (1 row) SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f (1 row) ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regressuser1; DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes has_table_privilege --------------------- t (1 row) SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- yes has_table_privilege --------------------- t (1 row) ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regressuser1; DROP TABLE testns.acltest1; CREATE TABLE testns.acltest1 (x int); SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'SELECT'); -- yes has_table_privilege --------------------- t (1 row) SELECT has_table_privilege('regressuser1', 'testns.acltest1', 'INSERT'); -- no has_table_privilege --------------------- f (1 row) ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE EXECUTE ON FUNCTIONS FROM public; SET ROLE regressuser1; CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql; SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- no has_function_privilege ------------------------ f (1 row) ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON FUNCTIONS to public; DROP FUNCTION testns.foo(); CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql; SELECT has_function_privilege('regressuser2', 'testns.foo()', 'EXECUTE'); -- yes has_function_privilege ------------------------ t (1 row) DROP FUNCTION testns.foo(); ALTER DEFAULT PRIVILEGES FOR ROLE regressuser1 REVOKE USAGE ON TYPES FROM public; CREATE DOMAIN testns.testdomain1 AS int; SELECT has_type_privilege('regressuser2', 'testns.testdomain1', 'USAGE'); -- no has_type_privilege -------------------- f (1 row) ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public; DROP DOMAIN testns.testdomain1; CREATE DOMAIN testns.testdomain1 AS int; SELECT has_type_privilege('regressuser2', 'testns.testdomain1', 'USAGE'); -- yes has_type_privilege -------------------- t (1 row) DROP DOMAIN testns.testdomain1; RESET ROLE; SELECT count(*) FROM pg_default_acl d LEFT JOIN pg_namespace n ON defaclnamespace = n.oid WHERE nspname = 'testns'; count ------- 3 (1 row) DROP SCHEMA testns CASCADE; NOTICE: drop cascades to table testns.acltest1 SELECT d.* -- check that entries went away FROM pg_default_acl d LEFT JOIN pg_namespace n ON defaclnamespace = n.oid WHERE nspname IS NULL AND defaclnamespace != 0; defaclrole | defaclnamespace | defaclobjtype | defaclacl ------------+-----------------+---------------+----------- (0 rows) -- Grant on all objects of given type in a schema \c - CREATE SCHEMA testns; CREATE TABLE testns.t1 (f1 int); CREATE TABLE testns.t2 (f1 int); SELECT has_table_privilege('regressuser1', 'testns.t1', 'SELECT'); -- false has_table_privilege --------------------- f (1 row) GRANT ALL ON ALL TABLES IN SCHEMA testns TO regressuser1; SELECT has_table_privilege('regressuser1', 'testns.t1', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) SELECT has_table_privilege('regressuser1', 'testns.t2', 'SELECT'); -- true has_table_privilege --------------------- t (1 row) REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regressuser1; SELECT has_table_privilege('regressuser1', 'testns.t1', 'SELECT'); -- false has_table_privilege --------------------- f (1 row) SELECT has_table_privilege('regressuser1', 'testns.t2', 'SELECT'); -- false has_table_privilege --------------------- f (1 row) CREATE FUNCTION testns.testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql; SELECT has_function_privilege('regressuser1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default has_function_privilege ------------------------ t (1 row) REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC; SELECT has_function_privilege('regressuser1', 'testns.testfunc(int)', 'EXECUTE'); -- false has_function_privilege ------------------------ f (1 row) SET client_min_messages TO 'warning'; DROP SCHEMA testns CASCADE; RESET client_min_messages; -- test that dependent privileges are revoked (or not) properly \c - set session role regressuser1; create table dep_priv_test (a int); grant select on dep_priv_test to regressuser2 with grant option; grant select on dep_priv_test to regressuser3 with grant option; set session role regressuser2; grant select on dep_priv_test to regressuser4 with grant option; set session role regressuser3; grant select on dep_priv_test to regressuser4 with grant option; set session role regressuser4; grant select on dep_priv_test to regressuser5; \dp dep_priv_test Access privileges Schema | Name | Type | Access privileges | Column access privileges --------+---------------+-------+-----------------------------------+-------------------------- public | dep_priv_test | table | regressuser1=arwdDxt/regressuser1+| | | | regressuser2=r*/regressuser1 +| | | | regressuser3=r*/regressuser1 +| | | | regressuser4=r*/regressuser2 +| | | | regressuser4=r*/regressuser3 +| | | | regressuser5=r/regressuser4 | (1 row) set session role regressuser2; revoke select on dep_priv_test from regressuser4 cascade; \dp dep_priv_test Access privileges Schema | Name | Type | Access privileges | Column access privileges --------+---------------+-------+-----------------------------------+-------------------------- public | dep_priv_test | table | regressuser1=arwdDxt/regressuser1+| | | | regressuser2=r*/regressuser1 +| | | | regressuser3=r*/regressuser1 +| | | | regressuser4=r*/regressuser3 +| | | | regressuser5=r/regressuser4 | (1 row) set session role regressuser3; revoke select on dep_priv_test from regressuser4 cascade; \dp dep_priv_test Access privileges Schema | Name | Type | Access privileges | Column access privileges --------+---------------+-------+-----------------------------------+-------------------------- public | dep_priv_test | table | regressuser1=arwdDxt/regressuser1+| | | | regressuser2=r*/regressuser1 +| | | | regressuser3=r*/regressuser1 | (1 row) set session role regressuser1; drop table dep_priv_test; -- clean up \c drop sequence x_seq; DROP FUNCTION testfunc2(int); DROP FUNCTION testfunc4(boolean); DROP VIEW atestv1; DROP VIEW atestv2; -- this should cascade to drop atestv4 DROP VIEW atestv3 CASCADE; NOTICE: drop cascades to view atestv4 -- this should complain "does not exist" DROP VIEW atestv4; ERROR: view "atestv4" does not exist DROP TABLE atest1; DROP TABLE atest2; DROP TABLE atest3; DROP TABLE atest4; DROP TABLE atest5; DROP TABLE atest6; DROP TABLE atestc; DROP TABLE atestp1; DROP TABLE atestp2; SELECT lo_unlink(oid) FROM pg_largeobject_metadata; lo_unlink ----------- 1 1 1 1 1 (5 rows) DROP GROUP regressgroup1; DROP GROUP regressgroup2; -- these are needed to clean up permissions REVOKE USAGE ON LANGUAGE sql FROM regressuser1; DROP OWNED BY regressuser1; DROP USER regressuser1; DROP USER regressuser2; DROP USER regressuser3; DROP USER regressuser4; DROP USER regressuser5; DROP USER regressuser6; ERROR: role "regressuser6" does not exist