82#include "utils/fmgroids.h"
131 int num_col_privileges);
135 int num_col_privileges);
139 bool all_privs,
AclMode privileges,
140 Oid objectId,
Oid grantorId,
185 Oid grantorId,
Oid ownerId)
210 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
211 errmsg(
"grant options can only be granted to roles")));
226 newer_acl =
aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
285 elog(
ERROR,
"grantable rights not supported for event triggers");
295 elog(
ERROR,
"unrecognized object type: %d", objtype);
307 if (
pg_aclmask(objtype, objectId, att_number, grantorId,
328 if (this_privileges == 0)
332 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
333 errmsg(
"no privileges were granted for column \"%s\" of relation \"%s\"",
337 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
338 errmsg(
"no privileges were granted for \"%s\"",
341 else if (!all_privs && this_privileges != privileges)
345 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
346 errmsg(
"not all privileges were granted for column \"%s\" of relation \"%s\"",
350 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
351 errmsg(
"not all privileges were granted for \"%s\"",
357 if (this_privileges == 0)
361 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
362 errmsg(
"no privileges could be revoked for column \"%s\" of relation \"%s\"",
366 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
367 errmsg(
"no privileges could be revoked for \"%s\"",
370 else if (!all_privs && this_privileges != privileges)
374 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
375 errmsg(
"not all privileges could be revoked for column \"%s\" of relation \"%s\"",
379 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
380 errmsg(
"not all privileges could be revoked for \"%s\"",
385 return this_privileges;
396 const char *errormsg;
411 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
412 errmsg(
"grantor must be current user")));
422 switch (
stmt->targtype)
433 elog(
ERROR,
"unrecognized GrantStmt.targtype: %d",
434 (
int)
stmt->targtype);
449 foreach(cell,
stmt->grantees)
470 switch (
stmt->objtype)
480 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
484 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
488 errormsg =
gettext_noop(
"invalid privilege type %s for database");
492 errormsg =
gettext_noop(
"invalid privilege type %s for domain");
496 errormsg =
gettext_noop(
"invalid privilege type %s for function");
500 errormsg =
gettext_noop(
"invalid privilege type %s for language");
504 errormsg =
gettext_noop(
"invalid privilege type %s for large object");
508 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
512 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
516 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
520 errormsg =
gettext_noop(
"invalid privilege type %s for tablespace");
524 errormsg =
gettext_noop(
"invalid privilege type %s for type");
528 errormsg =
gettext_noop(
"invalid privilege type %s for foreign-data wrapper");
532 errormsg =
gettext_noop(
"invalid privilege type %s for foreign server");
536 errormsg =
gettext_noop(
"invalid privilege type %s for parameter");
539 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
540 (
int)
stmt->objtype);
561 foreach(cell,
stmt->privileges)
574 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
575 errmsg(
"column privileges are only valid for relations")));
581 elog(
ERROR,
"AccessPriv node must specify privilege or columns");
584 if (priv & ~((
AclMode) all_privileges))
586 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
644 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
679 foreach(cell, objnames)
696 foreach(cell, objnames)
715 foreach(cell, objnames)
733 foreach(cell, objnames)
781 foreach(cell, nspnames)
819 Anum_pg_proc_pronamespace,
826 Anum_pg_proc_prokind,
831 Anum_pg_proc_prokind,
851 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
874 Anum_pg_class_relnamespace,
878 Anum_pg_class_relkind,
913 const char *errormsg;
916 foreach(cell,
stmt->options)
920 if (strcmp(defel->
defname,
"schemas") == 0)
926 else if (strcmp(defel->
defname,
"roles") == 0)
937 nspnames = (
List *) dnspnames->
arg;
939 rolespecs = (
List *) drolespecs->
arg;
957 foreach(cell,
action->grantees)
982 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
986 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
990 errormsg =
gettext_noop(
"invalid privilege type %s for function");
994 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
998 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
1002 errormsg =
gettext_noop(
"invalid privilege type %s for type");
1006 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
1009 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
1031 foreach(cell,
action->privileges)
1038 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1039 errmsg(
"default privileges cannot be set for columns")));
1042 elog(
ERROR,
"AccessPriv node must specify privilege");
1045 if (priv & ~((
AclMode) all_privileges))
1047 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1054 if (rolespecs ==
NIL)
1066 foreach(rolecell, rolespecs)
1074 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1075 errmsg(
"permission denied to change default privileges")));
1090 if (nspnames ==
NIL)
1102 foreach(nspcell, nspnames)
1166 objtype = DEFACLOBJ_RELATION;
1172 objtype = DEFACLOBJ_SEQUENCE;
1178 objtype = DEFACLOBJ_FUNCTION;
1184 objtype = DEFACLOBJ_TYPE;
1192 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1193 errmsg(
"cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1194 objtype = DEFACLOBJ_NAMESPACE;
1200 elog(
ERROR,
"unrecognized object type: %d",
1218 Anum_pg_default_acl_defaclacl,
1232 if (old_acl != NULL)
1239 noldmembers =
aclmembers(old_acl, &oldmembers);
1282 myself.
classId = DefaultAclRelationId;
1292 bool nulls[Natts_pg_default_acl] = {0};
1293 bool replaces[Natts_pg_default_acl] = {0};
1300 Anum_pg_default_acl_oid);
1316 replaces[Anum_pg_default_acl_defaclacl - 1] =
true;
1319 values, nulls, replaces);
1336 myself.
classId = DefaultAclRelationId;
1340 referenced.
classId = NamespaceRelationId;
1351 nnewmembers =
aclmembers(new_acl, &newmembers);
1356 noldmembers, oldmembers,
1357 nnewmembers, newmembers);
1395 if (classid == DefaultAclRelationId)
1408 Anum_pg_default_acl_oid,
1418 elog(
ERROR,
"could not find tuple for default ACL %u", objid);
1422 iacls.
roleid = pg_default_acl_tuple->defaclrole;
1423 iacls.
nspid = pg_default_acl_tuple->defaclnamespace;
1425 switch (pg_default_acl_tuple->defaclobjtype)
1427 case DEFACLOBJ_RELATION:
1430 case DEFACLOBJ_SEQUENCE:
1433 case DEFACLOBJ_FUNCTION:
1436 case DEFACLOBJ_TYPE:
1439 case DEFACLOBJ_NAMESPACE:
1444 elog(
ERROR,
"unexpected default ACL type: %d",
1445 (
int) pg_default_acl_tuple->defaclobjtype);
1468 case RelationRelationId:
1472 case DatabaseRelationId:
1475 case TypeRelationId:
1478 case ProcedureRelationId:
1481 case LanguageRelationId:
1484 case LargeObjectRelationId:
1487 case NamespaceRelationId:
1490 case TableSpaceRelationId:
1493 case ForeignServerRelationId:
1496 case ForeignDataWrapperRelationId:
1499 case ParameterAclRelationId:
1503 elog(
ERROR,
"unexpected object class %u", classid);
1531 int num_col_privileges)
1535 foreach(cell, colnames)
1543 (
errcode(ERRCODE_UNDEFINED_COLUMN),
1544 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
1547 if (attnum <= 0 || attnum >= num_col_privileges)
1548 elog(
ERROR,
"column number out of range");
1549 col_privileges[
attnum] |= this_privileges;
1564 int num_col_privileges)
1570 curr_att <= classForm->relnatts;
1580 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1587 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1588 curr_att, table_oid);
1623 bool nulls[Natts_pg_attribute] = {0};
1624 bool replaces[Natts_pg_attribute] = {0};
1634 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1642 aclDatum =
SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1655 noldmembers =
aclmembers(old_acl, &oldmembers);
1664 merged_acl =
aclconcat(old_rel_acl, old_acl);
1668 merged_acl, ownerId,
1669 &grantorId, &avail_goptions);
1687 NameStr(pg_attribute_tuple->attname));
1695 col_privileges, grantorId,
1702 nnewmembers =
aclmembers(new_acl, &newmembers);
1720 nulls[Anum_pg_attribute_attacl - 1] =
true;
1721 need_update = !isNull;
1723 replaces[Anum_pg_attribute_attacl - 1] =
true;
1728 values, nulls, replaces);
1734 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1739 noldmembers, oldmembers,
1740 nnewmembers, newmembers);
1769 int num_col_privileges;
1770 bool have_col_privileges;
1781 elog(
ERROR,
"cache lookup failed for relation %u", relOid);
1785 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1786 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1788 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1789 errmsg(
"\"%s\" is an index",
1790 NameStr(pg_class_tuple->relname))));
1793 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1795 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1796 errmsg(
"\"%s\" is a composite type",
1797 NameStr(pg_class_tuple->relname))));
1801 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1803 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1804 errmsg(
"\"%s\" is not a sequence",
1805 NameStr(pg_class_tuple->relname))));
1810 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1826 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1841 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1842 errmsg(
"sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1843 NameStr(pg_class_tuple->relname))));
1858 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1859 errmsg(
"invalid privilege type %s for table",
1872 have_col_privileges =
false;
1887 num_col_privileges);
1888 have_col_privileges =
true;
1895 ownerId = pg_class_tuple->relowner;
1900 switch (pg_class_tuple->relkind)
1902 case RELKIND_SEQUENCE:
1917 noldmembers =
aclmembers(old_acl, &oldmembers);
1921 old_rel_acl =
aclcopy(old_acl);
1933 bool nulls[Natts_pg_class] = {0};
1934 bool replaces[Natts_pg_class] = {0};
1942 &grantorId, &avail_goptions);
1944 switch (pg_class_tuple->relkind)
1946 case RELKIND_SEQUENCE:
1961 relOid, grantorId, objtype,
1962 NameStr(pg_class_tuple->relname),
1981 nnewmembers =
aclmembers(new_acl, &newmembers);
1984 replaces[Anum_pg_class_relacl - 1] =
true;
1988 values, nulls, replaces);
1999 noldmembers, oldmembers,
2000 nnewmembers, newmembers);
2012 foreach(cell_colprivs, istmt->
col_privs)
2023 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2024 errmsg(
"invalid privilege type %s for column",
2027 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2036 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2037 errmsg(
"sequence \"%s\" only supports SELECT column privileges",
2038 NameStr(pg_class_tuple->relname))));
2046 num_col_privileges);
2047 have_col_privileges =
true;
2050 if (have_col_privileges)
2054 for (
i = 0;
i < num_col_privileges;
i++)
2060 NameStr(pg_class_tuple->relname),
2070 pfree(col_privileges);
2127 object_check(istmt, tuple);
2151 noldmembers =
aclmembers(old_acl, &oldmembers);
2157 &grantorId, &avail_goptions);
2179 grantorId, ownerId);
2185 nnewmembers =
aclmembers(new_acl, &newmembers);
2204 noldmembers, oldmembers,
2205 nnewmembers, newmembers);
2225 if (!pg_language_tuple->lanpltrusted)
2227 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2228 errmsg(
"language \"%s\" is not trusted",
2229 NameStr(pg_language_tuple->lanname)),
2230 errdetail(
"GRANT and REVOKE are not allowed on untrusted languages, "
2231 "because only superusers can use untrusted languages.")));
2243 relation =
table_open(LargeObjectMetadataRelationId,
2260 Datum values[Natts_pg_largeobject_metadata] = {0};
2261 bool nulls[Natts_pg_largeobject_metadata] = {0};
2262 bool replaces[Natts_pg_largeobject_metadata] = {0};
2273 Anum_pg_largeobject_metadata_oid,
2278 LargeObjectMetadataOidIndexId,
true,
2283 elog(
ERROR,
"could not find tuple for large object %u", loid);
2291 ownerId = form_lo_meta->lomowner;
2293 Anum_pg_largeobject_metadata_lomacl,
2306 noldmembers =
aclmembers(old_acl, &oldmembers);
2312 &grantorId, &avail_goptions);
2318 snprintf(loname,
sizeof(loname),
"large object %u", loid);
2331 grantorId, ownerId);
2337 nnewmembers =
aclmembers(new_acl, &newmembers);
2340 replaces[Anum_pg_largeobject_metadata_lomacl - 1] =
true;
2341 values[Anum_pg_largeobject_metadata_lomacl - 1]
2345 values, nulls, replaces);
2354 form_lo_meta->oid, 0,
2356 noldmembers, oldmembers,
2357 nnewmembers, newmembers);
2378 if (IsTrueArrayType(pg_type_tuple))
2380 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2381 errmsg(
"cannot set privileges of array types"),
2382 errhint(
"Set the privileges of the element type instead.")));
2383 if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2385 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2386 errmsg(
"cannot set privileges of multirange types"),
2387 errhint(
"Set the privileges of the range type instead.")));
2405 const char *parname;
2422 elog(
ERROR,
"cache lookup failed for parameter ACL %u",
2427 Anum_pg_parameter_acl_parname);
2431 ownerId = BOOTSTRAP_SUPERUSERID;
2438 Anum_pg_parameter_acl_paracl,
2452 noldmembers =
aclmembers(old_acl, &oldmembers);
2458 &grantorId, &avail_goptions);
2467 parameterId, grantorId,
2478 grantorId, ownerId);
2484 nnewmembers =
aclmembers(new_acl, &newmembers);
2500 bool nulls[Natts_pg_parameter_acl] = {0};
2501 bool replaces[Natts_pg_parameter_acl] = {0};
2503 replaces[Anum_pg_parameter_acl_paracl - 1] =
true;
2507 values, nulls, replaces);
2519 noldmembers, oldmembers,
2520 nnewmembers, newmembers);
2536 if (strcmp(privname,
"insert") == 0)
2538 if (strcmp(privname,
"select") == 0)
2540 if (strcmp(privname,
"update") == 0)
2542 if (strcmp(privname,
"delete") == 0)
2544 if (strcmp(privname,
"truncate") == 0)
2546 if (strcmp(privname,
"references") == 0)
2548 if (strcmp(privname,
"trigger") == 0)
2550 if (strcmp(privname,
"execute") == 0)
2552 if (strcmp(privname,
"usage") == 0)
2554 if (strcmp(privname,
"create") == 0)
2556 if (strcmp(privname,
"temporary") == 0)
2558 if (strcmp(privname,
"temp") == 0)
2560 if (strcmp(privname,
"connect") == 0)
2562 if (strcmp(privname,
"set") == 0)
2564 if (strcmp(privname,
"alter system") == 0)
2566 if (strcmp(privname,
"maintain") == 0)
2569 (
errcode(ERRCODE_SYNTAX_ERROR),
2570 errmsg(
"unrecognized privilege type \"%s\"", privname)));
2590 return "REFERENCES";
2606 return "ALTER SYSTEM";
2610 elog(
ERROR,
"unrecognized privilege: %d", (
int) privilege);
2623 const char *objectname)
2632 const char *msg =
"???";
2637 msg =
gettext_noop(
"permission denied for aggregate %s");
2640 msg =
gettext_noop(
"permission denied for collation %s");
2646 msg =
gettext_noop(
"permission denied for conversion %s");
2649 msg =
gettext_noop(
"permission denied for database %s");
2655 msg =
gettext_noop(
"permission denied for event trigger %s");
2658 msg =
gettext_noop(
"permission denied for extension %s");
2661 msg =
gettext_noop(
"permission denied for foreign-data wrapper %s");
2664 msg =
gettext_noop(
"permission denied for foreign server %s");
2667 msg =
gettext_noop(
"permission denied for foreign table %s");
2670 msg =
gettext_noop(
"permission denied for function %s");
2676 msg =
gettext_noop(
"permission denied for language %s");
2679 msg =
gettext_noop(
"permission denied for large object %s");
2682 msg =
gettext_noop(
"permission denied for materialized view %s");
2685 msg =
gettext_noop(
"permission denied for operator class %s");
2688 msg =
gettext_noop(
"permission denied for operator %s");
2691 msg =
gettext_noop(
"permission denied for operator family %s");
2694 msg =
gettext_noop(
"permission denied for parameter %s");
2700 msg =
gettext_noop(
"permission denied for procedure %s");
2703 msg =
gettext_noop(
"permission denied for publication %s");
2706 msg =
gettext_noop(
"permission denied for routine %s");
2712 msg =
gettext_noop(
"permission denied for sequence %s");
2715 msg =
gettext_noop(
"permission denied for statistics object %s");
2718 msg =
gettext_noop(
"permission denied for subscription %s");
2724 msg =
gettext_noop(
"permission denied for tablespace %s");
2727 msg =
gettext_noop(
"permission denied for text search configuration %s");
2730 msg =
gettext_noop(
"permission denied for text search dictionary %s");
2757 elog(
ERROR,
"unsupported object type: %d", objtype);
2761 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2762 errmsg(msg, objectname)));
2767 const char *msg =
"???";
2787 msg =
gettext_noop(
"must be owner of event trigger %s");
2793 msg =
gettext_noop(
"must be owner of foreign-data wrapper %s");
2796 msg =
gettext_noop(
"must be owner of foreign server %s");
2799 msg =
gettext_noop(
"must be owner of foreign table %s");
2811 msg =
gettext_noop(
"must be owner of large object %s");
2814 msg =
gettext_noop(
"must be owner of materialized view %s");
2817 msg =
gettext_noop(
"must be owner of operator class %s");
2823 msg =
gettext_noop(
"must be owner of operator family %s");
2838 msg =
gettext_noop(
"must be owner of subscription %s");
2853 msg =
gettext_noop(
"must be owner of statistics object %s");
2859 msg =
gettext_noop(
"must be owner of text search configuration %s");
2862 msg =
gettext_noop(
"must be owner of text search dictionary %s");
2895 elog(
ERROR,
"unsupported object type: %d", objtype);
2899 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2900 errmsg(msg, objectname)));
2904 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2912 const char *objectname,
const char *colname)
2921 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2922 errmsg(
"permission denied for column \"%s\" of relation \"%s\"",
2923 colname, objectname)));
2930 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2966 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
2968 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
2970 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
2977 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
2979 elog(
ERROR,
"grantable rights not supported for statistics objects");
2983 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
2985 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
2987 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
2989 elog(
ERROR,
"grantable rights not supported for event triggers");
2993 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
2995 elog(
ERROR,
"unrecognized object type: %d",
3040 case NamespaceRelationId:
3043 case TypeRelationId:
3049 Assert(classid != RelationRelationId);
3050 Assert(classid != LargeObjectMetadataRelationId);
3066 if (is_missing != NULL)
3073 elog(
ERROR,
"cache lookup failed for %s %u",
3087 aclDatum = (
Datum) 0;
3095 result =
aclmask(acl, roleid, ownerId, mask, how);
3147 if (is_missing != NULL)
3155 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3156 errmsg(
"attribute %d of relation with OID %u does not exist",
3163 if (attributeForm->attisdropped)
3165 if (is_missing != NULL)
3174 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3175 errmsg(
"attribute %d of relation with OID %u does not exist",
3179 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3204 if (is_missing != NULL)
3213 errmsg(
"relation with OID %u does not exist",
3218 ownerId = classForm->relowner;
3225 result =
aclmask(acl, roleid, ownerId, mask, how);
3267 if (is_missing != NULL)
3276 errmsg(
"relation with OID %u does not exist",
3292 classForm->relkind != RELKIND_VIEW &&
3308 ownerId = classForm->relowner;
3315 switch (classForm->relkind)
3317 case RELKIND_SEQUENCE:
3324 aclDatum = (
Datum) 0;
3332 result =
aclmask(acl, roleid, ownerId, mask, how);
3410 Anum_pg_parameter_acl_paracl,
3416 aclDatum = (
Datum) 0;
3424 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3460 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3461 errmsg(
"parameter ACL with OID %u does not exist",
3465 Anum_pg_parameter_acl_paracl,
3471 aclDatum = (
Datum) 0;
3479 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3524 pg_lo_meta =
table_open(LargeObjectMetadataRelationId,
3528 Anum_pg_largeobject_metadata_oid,
3533 LargeObjectMetadataOidIndexId,
true,
3534 snapshot, 1, entry);
3539 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3540 errmsg(
"large object %u does not exist", lobj_oid)));
3544 aclDatum =
heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3551 aclDatum = (
Datum) 0;
3559 result =
aclmask(acl, roleid, ownerId, mask, how);
3625 if (is_missing != NULL)
3633 (
errcode(ERRCODE_UNDEFINED_SCHEMA),
3634 errmsg(
"schema with OID %u does not exist", nsp_oid)));
3639 aclDatum =
SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3645 aclDatum = (
Datum) 0;
3653 result =
aclmask(acl, roleid, ownerId, mask, how);
3699 if (is_missing != NULL)
3707 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3708 errmsg(
"type with OID %u does not exist",
3717 if (IsTrueArrayType(typeForm))
3719 Oid elttype_oid = typeForm->typelem;
3726 if (is_missing != NULL)
3734 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3735 errmsg(
"type with OID %u does not exist",
3746 if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3755 if (is_missing != NULL)
3763 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3764 errmsg(
"type with OID %u does not exist",
3773 ownerId = typeForm->typowner;
3776 Anum_pg_type_typacl, &isNull);
3781 aclDatum = (
Datum) 0;
3789 result =
aclmask(acl, roleid, ownerId, mask, how);
3906 if (is_missing != NULL)
3915 errmsg(
"relation with OID %u does not exist",
3920 ownerId = classForm->relowner;
3921 nattrs = classForm->relnatts;
3931 for (curr_att = 1; curr_att <= nattrs; curr_att++)
3958 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
4068 if (classid == LargeObjectRelationId)
4069 classid = LargeObjectMetadataRelationId;
4079 elog(
ERROR,
"cache lookup failed for %s %u",
4109 elog(
ERROR,
"could not find tuple for %s %u",
4139 bool result =
false;
4158 bool result =
false;
4196 Anum_pg_default_acl_defaclacl,
4234 defaclobjtype = DEFACLOBJ_RELATION;
4238 defaclobjtype = DEFACLOBJ_SEQUENCE;
4242 defaclobjtype = DEFACLOBJ_FUNCTION;
4246 defaclobjtype = DEFACLOBJ_TYPE;
4250 defaclobjtype = DEFACLOBJ_NAMESPACE;
4262 if (glob_acl == NULL && schema_acl == NULL)
4269 if (glob_acl == NULL)
4273 result =
aclmerge(glob_acl, schema_acl, ownerId);
4327 if (classoid == RelationRelationId)
4336 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4344 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4345 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4346 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4356 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4359 AttrNumber nattrs = pg_class_tuple->relnatts;
4361 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4381 Anum_pg_attribute_attacl,
4408 else if (classoid == LargeObjectRelationId)
4427 Anum_pg_largeobject_metadata_oid,
4432 LargeObjectMetadataOidIndexId,
true,
4437 elog(
ERROR,
"could not find tuple for large object %u", objoid);
4440 Anum_pg_largeobject_metadata_lomacl,
4461 elog(
ERROR,
"cache lookup failed for %s %u",
4489 if (classoid == RelationRelationId)
4496 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4504 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4505 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4506 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4516 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4519 AttrNumber nattrs = pg_class_tuple->relnatts;
4521 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4608 nnewmembers =
aclmembers(new_acl, &newmembers);
4614 Anum_pg_init_privs_objoid,
4618 Anum_pg_init_privs_classoid,
4622 Anum_pg_init_privs_objsubid,
4636 bool nulls[Natts_pg_init_privs] = {0};
4637 bool replace[Natts_pg_init_privs] = {0};
4643 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4647 noldmembers =
aclmembers(old_acl, &oldmembers);
4650 noldmembers, oldmembers,
4651 nnewmembers, newmembers);
4654 if (new_acl &&
ACL_NUM(new_acl) != 0)
4657 replace[Anum_pg_init_privs_initprivs - 1] =
true;
4673 bool nulls[Natts_pg_init_privs] = {0};
4681 if (new_acl &&
ACL_NUM(new_acl) != 0)
4689 values[Anum_pg_init_privs_privtype - 1] =
4703 noldmembers, oldmembers,
4704 nnewmembers, newmembers);
4743 Anum_pg_init_privs_objoid,
4747 Anum_pg_init_privs_classoid,
4751 Anum_pg_init_privs_objsubid,
4773 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4782 new_acl =
aclnewowner(old_acl, oldroleid, newroleid);
4788 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
4795 bool nulls[Natts_pg_init_privs] = {0};
4796 bool replaces[Natts_pg_init_privs] = {0};
4800 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
4803 values, nulls, replaces);
4810 noldmembers =
aclmembers(old_acl, &oldmembers);
4811 nnewmembers =
aclmembers(new_acl, &newmembers);
4814 noldmembers, oldmembers,
4815 nnewmembers, newmembers);
4854 Anum_pg_init_privs_objoid,
4858 Anum_pg_init_privs_classoid,
4862 Anum_pg_init_privs_objsubid,
4884 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4894 noldmembers =
aclmembers(old_acl, &oldmembers);
4900 elog(
ERROR,
"cache lookup failed for %s %u",
4911 if (old_acl != NULL)
4924 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
4931 bool nulls[Natts_pg_init_privs] = {0};
4932 bool replaces[Natts_pg_init_privs] = {0};
4936 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
4939 values, nulls, replaces);
4946 nnewmembers =
aclmembers(new_acl, &newmembers);
4949 noldmembers, oldmembers,
4950 nnewmembers, newmembers);
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Acl * acldefault(ObjectType objtype, Oid ownerId)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
Acl * make_empty_acl(void)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
#define ACLITEM_ALL_PRIV_BITS
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
void RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
void ReplaceRoleInInitPriv(Oid oldroleid, Oid newroleid, Oid classid, Oid objid, int32 objsubid)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
void recordExtObjInitPriv(Oid objoid, Oid classoid)
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Parameter(InternalGrant *istmt)
static const char * privilege_to_string(AclMode privilege)
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
void aclcheck_error_type(AclResult aclerr, Oid typeOid)
bool has_createrole_privilege(Oid roleid)
static void ExecGrant_Relation(InternalGrant *istmt)
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
bool binary_upgrade_record_init_privs
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode object_aclmask_ext(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
void removeExtObjInitPriv(Oid objoid, Oid classoid)
#define InvalidAttrNumber
static Datum values[MAXATTR]
#define TextDatumGetCString(d)
#define Assert(condition)
#define OidIsValid(objectId)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)
#define palloc0_array(type, count)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
char * convert_GUC_name_for_parameter_acl(const char *name)
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
if(TABLE==NULL||TABLE_index==NULL)
List * lappend(List *list, void *datum)
List * list_concat(List *list1, const List *list2)
List * lappend_oid(List *list, Oid datum)
void UnlockTuple(Relation relation, ItemPointer tid, LOCKMODE lockmode)
#define InplaceUpdateTupleLock
char * get_rel_name(Oid relid)
AttrNumber get_attnum(Oid relid, const char *attname)
Oid get_element_type(Oid typid)
Oid get_multirange_range(Oid multirangeOid)
TypeName * makeTypeNameFromNameList(List *names)
void pfree(void *pointer)
void * palloc0(Size size)
#define IsBootstrapProcessingMode()
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
bool isTempNamespace(Oid namespaceId)
Oid get_namespace_oid(const char *nspname, bool missing_ok)
#define RangeVarGetRelid(relation, lockmode, missing_ok)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_oid(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
const char * get_object_class_descr(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
ObjectAddress get_object_address(ObjectType objtype, Node *object, Relation *relp, LOCKMODE lockmode, bool missing_ok)