@@ -735,59 +735,63 @@ SELECT * FROM check_estimated_rows('SELECT * FROM mcv_lists_bool WHERE NOT a AND
735
735
-- the underlying table.
736
736
--
737
737
-- Currently this is only relevant for MCV stats.
738
- CREATE TABLE priv_test_tbl (
738
+ CREATE SCHEMA tststats;
739
+ CREATE TABLE tststats.priv_test_tbl (
739
740
a int,
740
741
b int
741
742
);
742
- INSERT INTO priv_test_tbl
743
+ INSERT INTO tststats. priv_test_tbl
743
744
SELECT mod(i,5), mod(i,10) FROM generate_series(1,100) s(i);
744
- CREATE STATISTICS priv_test_stats (mcv) ON a, b
745
- FROM priv_test_tbl;
746
- ANALYZE priv_test_tbl;
745
+ CREATE STATISTICS tststats. priv_test_stats (mcv) ON a, b
746
+ FROM tststats. priv_test_tbl;
747
+ ANALYZE tststats. priv_test_tbl;
747
748
-- User with no access
748
749
CREATE USER regress_stats_user1;
750
+ GRANT USAGE ON SCHEMA tststats TO regress_stats_user1;
749
751
SET SESSION AUTHORIZATION regress_stats_user1;
750
- SELECT * FROM priv_test_tbl; -- Permission denied
752
+ SELECT * FROM tststats. priv_test_tbl; -- Permission denied
751
753
ERROR: permission denied for table priv_test_tbl
752
754
-- Attempt to gain access using a leaky operator
753
755
CREATE FUNCTION op_leak(int, int) RETURNS bool
754
756
AS 'BEGIN RAISE NOTICE ''op_leak => %, %'', $1, $2; RETURN $1 < $2; END'
755
757
LANGUAGE plpgsql;
756
758
CREATE OPERATOR <<< (procedure = op_leak, leftarg = int, rightarg = int,
757
759
restrict = scalarltsel);
758
- SELECT * FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
760
+ SELECT * FROM tststats. priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
759
761
ERROR: permission denied for table priv_test_tbl
760
- DELETE FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
762
+ DELETE FROM tststats. priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Permission denied
761
763
ERROR: permission denied for table priv_test_tbl
762
764
-- Grant access via a security barrier view, but hide all data
763
765
RESET SESSION AUTHORIZATION;
764
- CREATE VIEW priv_test_view WITH (security_barrier=true)
765
- AS SELECT * FROM priv_test_tbl WHERE false;
766
- GRANT SELECT, DELETE ON priv_test_view TO regress_stats_user1;
766
+ CREATE VIEW tststats. priv_test_view WITH (security_barrier=true)
767
+ AS SELECT * FROM tststats. priv_test_tbl WHERE false;
768
+ GRANT SELECT, DELETE ON tststats. priv_test_view TO regress_stats_user1;
767
769
-- Should now have access via the view, but see nothing and leak nothing
768
770
SET SESSION AUTHORIZATION regress_stats_user1;
769
- SELECT * FROM priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
771
+ SELECT * FROM tststats. priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
770
772
a | b
771
773
---+---
772
774
(0 rows)
773
775
774
- DELETE FROM priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
776
+ DELETE FROM tststats. priv_test_view WHERE a <<< 0 AND b <<< 0; -- Should not leak
775
777
-- Grant table access, but hide all data with RLS
776
778
RESET SESSION AUTHORIZATION;
777
- ALTER TABLE priv_test_tbl ENABLE ROW LEVEL SECURITY;
778
- GRANT SELECT, DELETE ON priv_test_tbl TO regress_stats_user1;
779
+ ALTER TABLE tststats. priv_test_tbl ENABLE ROW LEVEL SECURITY;
780
+ GRANT SELECT, DELETE ON tststats. priv_test_tbl TO regress_stats_user1;
779
781
-- Should now have direct table access, but see nothing and leak nothing
780
782
SET SESSION AUTHORIZATION regress_stats_user1;
781
- SELECT * FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
783
+ SELECT * FROM tststats. priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
782
784
a | b
783
785
---+---
784
786
(0 rows)
785
787
786
- DELETE FROM priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
788
+ DELETE FROM tststats. priv_test_tbl WHERE a <<< 0 AND b <<< 0; -- Should not leak
787
789
-- Tidy up
788
790
DROP OPERATOR <<< (int, int);
789
791
DROP FUNCTION op_leak(int, int);
790
792
RESET SESSION AUTHORIZATION;
791
- DROP VIEW priv_test_view;
792
- DROP TABLE priv_test_tbl;
793
+ DROP SCHEMA tststats CASCADE;
794
+ NOTICE: drop cascades to 2 other objects
795
+ DETAIL: drop cascades to table tststats.priv_test_tbl
796
+ drop cascades to view tststats.priv_test_view
793
797
DROP USER regress_stats_user1;
0 commit comments