Commit 7292055

Add support for privileges on types
This adds support for the more or less SQL-conforming USAGE privilege on types and domains. The intent is to be able to restrict which users can create dependencies on types, which restricts the way in which owners can alter types.

reviewed by Yeb Havinga
1 parent 05e992e commit 7292055

41 files changed

+1249
-201
lines changed

doc/src/sgml/information_schema.sgml

Lines changed: 20 additions & 15 deletions
@@ -284,6 +284,8 @@
284284
the attributes of composite data types defined in the database.
285285
(Note that the view does not give information about table columns,
286286
which are sometimes called attributes in PostgreSQL contexts.)
287+
Only those attributes are shown that the current user has access to (by way
288+
of being the owner of or having some privilege on the type).
287289
</para>
288290

289291
<table>
@@ -1915,8 +1917,10 @@
19151917
<title><literal>domain_constraints</literal></title>
19161918

19171919
<para>
1918-
The view <literal>domain_constraints</literal> contains all
1919-
constraints belonging to domains defined in the current database.
1920+
The view <literal>domain_constraints</literal> contains all constraints
1921+
belonging to domains defined in the current database. Only those domains
1922+
are shown that the current user has access to (by way of being the owner or
1923+
having some privilege).
19201924
</para>
19211925

19221926
<table>
@@ -2052,8 +2056,9 @@
20522056
<title><literal>domains</literal></title>
20532057

20542058
<para>
2055-
The view <literal>domains</literal> contains all domains defined in
2056-
the current database.
2059+
The view <literal>domains</literal> contains all domains defined in the
2060+
current database. Only those domains are shown that the current user has
2061+
access to (by way of being the owner or having some privilege).
20572062
</para>
20582063

20592064
<table>
@@ -5778,15 +5783,13 @@ ORDER BY c.ordinal_position;
57785783
<title><literal>udt_privileges</literal></title>
57795784

57805785
<para>
5781-
The view <literal>udt_privileges</literal> is intended to identify
5782-
<literal>USAGE</literal> privileges granted on user-defined types
5783-
to a currently enabled role or by a currently enabled role. Since
5784-
data types do not have real privileges
5785-
in <productname>PostgreSQL</productname>, this view shows implicit
5786-
non-grantable <literal>USAGE</literal> privileges granted by the
5787-
owner to <literal>PUBLIC</literal> for all types, including
5788-
built-in ones (except domains,
5789-
see <xref linkend="infoschema-usage-privileges"> for that).
5786+
The view <literal>udt_privileges</literal> identifies
5787+
<literal>USAGE</literal> privileges granted on user-defined types to a
5788+
currently enabled role or by a currently enabled role. There is one row for
5789+
each combination of column, grantor, and grantee. This view shows only
5790+
composite types (see under <xref linkend="infoschema-user-defined-types">
5791+
for why); see
5792+
<xref linkend="infoschema-usage-privileges"> for domain privileges.
57905793
</para>
57915794

57925795
<table>
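Review bot: The added sentence "There is one row for each combination of column, grantor, and grantee" names the wrong object for udt_privileges. The same paragraph says the view identifies USAGE privileges on user-defined types, so the row key should read "each combination of type, grantor, and grantee".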
@@ -5861,10 +5864,10 @@ ORDER BY c.ordinal_position;
58615864
</para>
58625865

58635866
<para>
5864-
Since collations and domains do not have real privileges
5867+
Since collations do not have real privileges
58655868
in <productname>PostgreSQL</productname>, this view shows implicit
58665869
non-grantable <literal>USAGE</literal> privileges granted by the
5867-
owner to <literal>PUBLIC</literal> for all collations and domains. The other
5870+
owner to <literal>PUBLIC</literal> for all collations. The other
58685871
object types, however, show real privileges.
58695872
</para>
58705873

@@ -5940,6 +5943,8 @@ ORDER BY c.ordinal_position;
59405943
<para>
59415944
The view <literal>user_defined_types</literal> currently contains
59425945
all composite types defined in the current database.
5946+
Only those types are shown that the current user has access to (by way
5947+
of being the owner or having some privilege).
59435948
</para>
59445949

59455950
<para>

doc/src/sgml/ref/alter_default_privileges.sgml

Lines changed: 11 additions & 1 deletion
@@ -42,6 +42,10 @@ GRANT { EXECUTE | ALL [ PRIVILEGES ] }
4242
ON FUNCTIONS
4343
TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
4444

45+
GRANT { USAGE | ALL [ PRIVILEGES ] }
46+
ON TYPES
47+
TO { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
48+
4549
REVOKE [ GRANT OPTION FOR ]
4650
{ { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
4751
[, ...] | ALL [ PRIVILEGES ] }
@@ -61,6 +65,12 @@ REVOKE [ GRANT OPTION FOR ]
6165
ON FUNCTIONS
6266
FROM { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...]
6367
[ CASCADE | RESTRICT ]
68+
69+
REVOKE [ GRANT OPTION FOR ]
70+
{ USAGE | ALL [ PRIVILEGES ] }
71+
ON TYPES
72+
FROM { [ GROUP ] <replaceable class="PARAMETER">role_name</replaceable> | PUBLIC } [, ...]
73+
[ CASCADE | RESTRICT ]
6474
</synopsis>
6575
</refsynopsisdiv>
6676

@@ -72,7 +82,7 @@ REVOKE [ GRANT OPTION FOR ]
7282
that will be applied to objects created in the future. (It does not
7383
affect privileges assigned to already-existing objects.) Currently,
7484
only the privileges for tables (including views and foreign tables),
75-
sequences, and functions can be altered.
85+
sequences, functions, and types (including domains) can be altered.
7686
</para>
7787

7888
<para>

doc/src/sgml/ref/alter_foreign_table.sgml

Lines changed: 2 additions & 0 deletions
@@ -157,6 +157,8 @@ ALTER FOREIGN TABLE <replaceable class="PARAMETER">name</replaceable>
157157
the table's schema. (These restrictions enforce that altering the owner
158158
doesn't do anything you couldn't do by dropping and recreating the table.
159159
However, a superuser can alter ownership of any table anyway.)
160+
To add a column or alter a column type, you must also
161+
have <literal>USAGE</literal> privilege on the data type.
160162
</para>
161163
</refsect1>
162164

doc/src/sgml/ref/alter_table.sgml

Lines changed: 3 additions & 0 deletions
@@ -594,6 +594,9 @@ ALTER TABLE <replaceable class="PARAMETER">name</replaceable>
594594
the table's schema. (These restrictions enforce that altering the owner
595595
doesn't do anything you couldn't do by dropping and recreating the table.
596596
However, a superuser can alter ownership of any table anyway.)
597+
To add a column or alter a column type or use the <literal>OF</literal>
598+
clause, you must also have <literal>USAGE</literal> privilege on the data
599+
type.
597600
</para>
598601
</refsect1>
599602
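Review bot: The new USAGE requirement at lines 597-599 is appended to the paragraph that explains the rules for changing the owner, directly after the superuser parenthetical, so a reader looking for what ADD COLUMN, ALTER COLUMN TYPE or OF needs will easily miss it. Consider giving it its own <para>, and punctuate the list as "To add a column, alter a column type, or use the OF clause".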

doc/src/sgml/ref/alter_type.sgml

Lines changed: 2 additions & 0 deletions
@@ -156,6 +156,8 @@ ALTER TYPE <replaceable class="PARAMETER">name</replaceable> ADD VALUE <replacea
156156
the type's schema. (These restrictions enforce that altering the owner
157157
doesn't do anything you couldn't do by dropping and recreating the type.
158158
However, a superuser can alter ownership of any type anyway.)
159+
To add an attribute or alter an attribute type, you must also
160+
have <literal>USAGE</literal> privilege on the data type.
159161
</para>
160162
</refsect1>
161163
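Review bot: In the added sentence "you must also have USAGE privilege on the data type", "the data type" is ambiguous on the ALTER TYPE page, because it can be read as the type being altered rather than the type of the attribute being added or changed. Suggest "on the attribute's data type".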

doc/src/sgml/ref/create_aggregate.sgml

Lines changed: 7 additions & 0 deletions
@@ -163,6 +163,13 @@ SELECT col FROM tab ORDER BY col USING sortop LIMIT 1;
163163
than</quote> or <quote>greater than</quote> strategy member of a B-tree
164164
index operator class.
165165
</para>
166+
167+
<para>
168+
To be able to create an aggregate function, you must
169+
have <literal>USAGE</literal> privilege on the argument types, the state
170+
type, and the return type, as well as <literal>EXECUTE</literal> privilege
171+
on the transition and final functions.
172+
</para>
166173
</refsect1>
167174

168175
<refsect1>

doc/src/sgml/ref/create_cast.sgml

Lines changed: 5 additions & 4 deletions
@@ -159,10 +159,11 @@ SELECT CAST ( 2 AS numeric ) + 4.0;
159159
</note>
160160

161161
<para>
162-
To be able to create a cast, you must own the source or the target
163-
data type. To create a binary-coercible cast, you must be superuser.
164-
(This restriction is made because an erroneous binary-coercible cast
165-
conversion can easily crash the server.)
162+
To be able to create a cast, you must own the source or the target data type
163+
and have <literal>USAGE</literal> privilege on the other type. To create a
164+
binary-coercible cast, you must be superuser. (This restriction is made
165+
because an erroneous binary-coercible cast conversion can easily crash the
166+
server.)
166167
</para>
167168
</refsect1>
168169

doc/src/sgml/ref/create_domain.sgml

Lines changed: 5 additions & 0 deletions
@@ -59,6 +59,11 @@ CREATE DOMAIN <replaceable class="parameter">name</replaceable> [ AS ] <replacea
5959
Define a domain rather than setting up each table's constraint
6060
individually.
6161
</para>
62+
63+
<para>
64+
To be able to create a domain, you must have <literal>USAGE</literal>
65+
privilege on the underlying type.
66+
</para>
6267
</refsect1>
6368

6469
<refsect1>

doc/src/sgml/ref/create_foreign_table.sgml

Lines changed: 5 additions & 0 deletions
@@ -52,6 +52,11 @@ CREATE FOREIGN TABLE [ IF NOT EXISTS ] <replaceable class="PARAMETER">table_name
5252
the foreign table. Therefore, foreign tables cannot have the same
5353
name as any existing data type in the same schema.
5454
</para>
55+
56+
<para>
57+
To be able to create a table, you must have <literal>USAGE</literal>
58+
privilege on all column types.
59+
</para>
5560
</refsect1>
5661

5762
<refsect1>
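Review bot: The added paragraph says "To be able to create a table", but this is the CREATE FOREIGN TABLE page and the context lines just above it say "foreign table" throughout. It should read "To be able to create a foreign table, you must have USAGE privilege on all column types."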

doc/src/sgml/ref/create_function.sgml

Lines changed: 5 additions & 0 deletions
@@ -92,6 +92,11 @@ CREATE [ OR REPLACE ] FUNCTION
9292
<para>
9393
The user that creates the function becomes the owner of the function.
9494
</para>
95+
96+
<para>
97+
To be able to create a function, you must have <literal>USAGE</literal>
98+
privilege on the argument types and the return type.
99+
</para>
95100
</refsect1>
96101

97102
<refsect1>
