81 #include "utils/fmgroids.h"
130 int num_col_privileges);
134 int num_col_privileges);
138 bool all_privs,
AclMode privileges,
139 Oid objectId,
Oid grantorId,
184 Oid grantorId,
Oid ownerId)
209 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
210 errmsg(
"grant options can only be granted to roles")));
225 newer_acl =
aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
284 elog(
ERROR,
"grantable rights not supported for event triggers");
294 elog(
ERROR,
"unrecognized object type: %d", objtype);
306 if (
pg_aclmask(objtype, objectId, att_number, grantorId,
327 if (this_privileges == 0)
331 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
332 errmsg(
"no privileges were granted for column \"%s\" of relation \"%s\"",
336 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
337 errmsg(
"no privileges were granted for \"%s\"",
340 else if (!all_privs && this_privileges != privileges)
344 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
345 errmsg(
"not all privileges were granted for column \"%s\" of relation \"%s\"",
349 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
350 errmsg(
"not all privileges were granted for \"%s\"",
356 if (this_privileges == 0)
360 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
361 errmsg(
"no privileges could be revoked for column \"%s\" of relation \"%s\"",
365 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
366 errmsg(
"no privileges could be revoked for \"%s\"",
369 else if (!all_privs && this_privileges != privileges)
373 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
374 errmsg(
"not all privileges could be revoked for column \"%s\" of relation \"%s\"",
378 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
379 errmsg(
"not all privileges could be revoked for \"%s\"",
384 return this_privileges;
395 const char *errormsg;
410 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
411 errmsg(
"grantor must be current user")));
421 switch (
stmt->targtype)
432 elog(
ERROR,
"unrecognized GrantStmt.targtype: %d",
433 (
int)
stmt->targtype);
448 foreach(cell,
stmt->grantees)
469 switch (
stmt->objtype)
479 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
483 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
487 errormsg =
gettext_noop(
"invalid privilege type %s for database");
491 errormsg =
gettext_noop(
"invalid privilege type %s for domain");
495 errormsg =
gettext_noop(
"invalid privilege type %s for function");
499 errormsg =
gettext_noop(
"invalid privilege type %s for language");
503 errormsg =
gettext_noop(
"invalid privilege type %s for large object");
507 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
511 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
515 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
519 errormsg =
gettext_noop(
"invalid privilege type %s for tablespace");
523 errormsg =
gettext_noop(
"invalid privilege type %s for type");
527 errormsg =
gettext_noop(
"invalid privilege type %s for foreign-data wrapper");
531 errormsg =
gettext_noop(
"invalid privilege type %s for foreign server");
535 errormsg =
gettext_noop(
"invalid privilege type %s for parameter");
538 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
539 (
int)
stmt->objtype);
560 foreach(cell,
stmt->privileges)
573 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
574 errmsg(
"column privileges are only valid for relations")));
580 elog(
ERROR,
"AccessPriv node must specify privilege or columns");
/*
 * Privilege-mask validation: the condition is true when priv carries any
 * bit that is not set in all_privileges. The branch that follows (only
 * partly shown here) reports ERRCODE_INVALID_GRANT_OPERATION.
 * NOTE(review): all_privileges is assigned in lines not shown; presumably
 * it is the ACL_ALL_RIGHTS_* mask selected for stmt->objtype. Confirm.
 */
583 if (priv & ~((
AclMode) all_privileges))
585 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
643 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
679 foreach(cell, objnames)
689 foreach(cell, objnames)
700 foreach(cell, objnames)
710 foreach(cell, objnames)
720 foreach(cell, objnames)
730 foreach(cell, objnames)
736 (
errcode(ERRCODE_UNDEFINED_OBJECT),
737 errmsg(
"large object %u does not exist",
744 foreach(cell, objnames)
754 foreach(cell, objnames)
764 foreach(cell, objnames)
774 foreach(cell, objnames)
784 foreach(cell, objnames)
793 foreach(cell, objnames)
802 foreach(cell, objnames)
833 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
853 foreach(cell, nspnames)
891 Anum_pg_proc_pronamespace,
898 Anum_pg_proc_prokind,
903 Anum_pg_proc_prokind,
923 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
946 Anum_pg_class_relnamespace,
950 Anum_pg_class_relkind,
985 const char *errormsg;
988 foreach(cell,
stmt->options)
992 if (strcmp(defel->
defname,
"schemas") == 0)
998 else if (strcmp(defel->
defname,
"roles") == 0)
1009 nspnames = (
List *) dnspnames->
arg;
1011 rolespecs = (
List *) drolespecs->
arg;
1029 foreach(cell,
action->grantees)
1054 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
1058 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
1062 errormsg =
gettext_noop(
"invalid privilege type %s for function");
1066 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
1070 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
1074 errormsg =
gettext_noop(
"invalid privilege type %s for type");
1078 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
1081 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
1103 foreach(cell,
action->privileges)
1110 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1111 errmsg(
"default privileges cannot be set for columns")));
1114 elog(
ERROR,
"AccessPriv node must specify privilege");
/*
 * Privilege-mask validation for default privileges: the condition is true
 * when priv carries any bit that is not set in all_privileges. The branch
 * that follows (only partly shown here) reports
 * ERRCODE_INVALID_GRANT_OPERATION.
 * NOTE(review): all_privileges is assigned in lines not shown; presumably
 * it is the mask for the object type named in the statement. Confirm.
 */
1117 if (priv & ~((
AclMode) all_privileges))
1119 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1126 if (rolespecs ==
NIL)
1138 foreach(rolecell, rolespecs)
1146 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1147 errmsg(
"permission denied to change default privileges")));
1162 if (nspnames ==
NIL)
1174 foreach(nspcell, nspnames)
1238 objtype = DEFACLOBJ_RELATION;
1244 objtype = DEFACLOBJ_SEQUENCE;
1250 objtype = DEFACLOBJ_FUNCTION;
1256 objtype = DEFACLOBJ_TYPE;
1264 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1265 errmsg(
"cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1266 objtype = DEFACLOBJ_NAMESPACE;
1272 elog(
ERROR,
"unrecognized object type: %d",
1290 Anum_pg_default_acl_defaclacl,
1304 if (old_acl != NULL)
1311 noldmembers =
aclmembers(old_acl, &oldmembers);
1354 myself.
classId = DefaultAclRelationId;
1364 bool nulls[Natts_pg_default_acl] = {0};
1365 bool replaces[Natts_pg_default_acl] = {0};
1372 Anum_pg_default_acl_oid);
1388 replaces[Anum_pg_default_acl_defaclacl - 1] =
true;
1391 values, nulls, replaces);
1408 myself.
classId = DefaultAclRelationId;
1412 referenced.
classId = NamespaceRelationId;
1423 nnewmembers =
aclmembers(new_acl, &newmembers);
1428 noldmembers, oldmembers,
1429 nnewmembers, newmembers);
1455 if (classid == DefaultAclRelationId)
1468 Anum_pg_default_acl_oid,
1478 elog(
ERROR,
"could not find tuple for default ACL %u", objid);
1482 iacls.
roleid = pg_default_acl_tuple->defaclrole;
1483 iacls.
nspid = pg_default_acl_tuple->defaclnamespace;
1485 switch (pg_default_acl_tuple->defaclobjtype)
1487 case DEFACLOBJ_RELATION:
1490 case DEFACLOBJ_SEQUENCE:
1493 case DEFACLOBJ_FUNCTION:
1496 case DEFACLOBJ_TYPE:
1499 case DEFACLOBJ_NAMESPACE:
1504 elog(
ERROR,
"unexpected default ACL type: %d",
1505 (
int) pg_default_acl_tuple->defaclobjtype);
1528 case RelationRelationId:
1532 case DatabaseRelationId:
1535 case TypeRelationId:
1538 case ProcedureRelationId:
1541 case LanguageRelationId:
1544 case LargeObjectRelationId:
1547 case NamespaceRelationId:
1550 case TableSpaceRelationId:
1553 case ForeignServerRelationId:
1556 case ForeignDataWrapperRelationId:
1559 case ParameterAclRelationId:
1563 elog(
ERROR,
"unexpected object class %u", classid);
1591 int num_col_privileges)
1595 foreach(cell, colnames)
1603 (
errcode(ERRCODE_UNDEFINED_COLUMN),
1604 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
/*
 * Bounds check before attnum is used as an array index: only values in
 * 1 .. num_col_privileges - 1 reach the write below. Anything else is
 * reported with elog(ERROR, ...), which does not return to this point,
 * so the store is never executed with an out-of-range index.
 */
1607 if (attnum <= 0 || attnum >= num_col_privileges)
1608 elog(
ERROR,
"column number out of range");
/* OR the requested bits into this column's slot; bits already set are kept. */
1609 col_privileges[
attnum] |= this_privileges;
1624 int num_col_privileges)
1630 curr_att <= classForm->relnatts;
1640 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1647 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1648 curr_att, table_oid);
1683 bool nulls[Natts_pg_attribute] = {0};
1684 bool replaces[Natts_pg_attribute] = {0};
1694 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1702 aclDatum =
SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1715 noldmembers =
aclmembers(old_acl, &oldmembers);
1724 merged_acl =
aclconcat(old_rel_acl, old_acl);
1728 merged_acl, ownerId,
1729 &grantorId, &avail_goptions);
1747 NameStr(pg_attribute_tuple->attname));
1755 col_privileges, grantorId,
1762 nnewmembers =
aclmembers(new_acl, &newmembers);
1780 nulls[Anum_pg_attribute_attacl - 1] =
true;
1781 need_update = !isNull;
1783 replaces[Anum_pg_attribute_attacl - 1] =
true;
1788 values, nulls, replaces);
1794 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1799 noldmembers, oldmembers,
1800 nnewmembers, newmembers);
1829 int num_col_privileges;
1830 bool have_col_privileges;
1841 elog(
ERROR,
"cache lookup failed for relation %u", relOid);
1845 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1846 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1848 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1849 errmsg(
"\"%s\" is an index",
1850 NameStr(pg_class_tuple->relname))));
1853 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1855 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1856 errmsg(
"\"%s\" is a composite type",
1857 NameStr(pg_class_tuple->relname))));
1861 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1863 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1864 errmsg(
"\"%s\" is not a sequence",
1865 NameStr(pg_class_tuple->relname))));
1870 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1886 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1901 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1902 errmsg(
"sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1903 NameStr(pg_class_tuple->relname))));
1918 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1919 errmsg(
"invalid privilege type %s for table",
1932 have_col_privileges =
false;
1947 num_col_privileges);
1948 have_col_privileges =
true;
1955 ownerId = pg_class_tuple->relowner;
1960 switch (pg_class_tuple->relkind)
1962 case RELKIND_SEQUENCE:
1977 noldmembers =
aclmembers(old_acl, &oldmembers);
1981 old_rel_acl =
aclcopy(old_acl);
1993 bool nulls[Natts_pg_class] = {0};
1994 bool replaces[Natts_pg_class] = {0};
2002 &grantorId, &avail_goptions);
2004 switch (pg_class_tuple->relkind)
2006 case RELKIND_SEQUENCE:
2021 relOid, grantorId, objtype,
2022 NameStr(pg_class_tuple->relname),
2041 nnewmembers =
aclmembers(new_acl, &newmembers);
2044 replaces[Anum_pg_class_relacl - 1] =
true;
2048 values, nulls, replaces);
2058 noldmembers, oldmembers,
2059 nnewmembers, newmembers);
2069 foreach(cell_colprivs, istmt->
col_privs)
2080 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2081 errmsg(
"invalid privilege type %s for column",
2084 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2093 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2094 errmsg(
"sequence \"%s\" only supports SELECT column privileges",
2095 NameStr(pg_class_tuple->relname))));
2103 num_col_privileges);
2104 have_col_privileges =
true;
2107 if (have_col_privileges)
2111 for (
i = 0;
i < num_col_privileges;
i++)
2117 NameStr(pg_class_tuple->relname),
2127 pfree(col_privileges);
2184 object_check(istmt, tuple);
2208 noldmembers =
aclmembers(old_acl, &oldmembers);
2214 &grantorId, &avail_goptions);
2236 grantorId, ownerId);
2242 nnewmembers =
aclmembers(new_acl, &newmembers);
2260 noldmembers, oldmembers,
2261 nnewmembers, newmembers);
2281 if (!pg_language_tuple->lanpltrusted)
2283 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2284 errmsg(
"language \"%s\" is not trusted",
2285 NameStr(pg_language_tuple->lanname)),
2286 errdetail(
"GRANT and REVOKE are not allowed on untrusted languages, "
2287 "because only superusers can use untrusted languages.")));
2299 relation =
table_open(LargeObjectMetadataRelationId,
2316 Datum values[Natts_pg_largeobject_metadata] = {0};
2317 bool nulls[Natts_pg_largeobject_metadata] = {0};
2318 bool replaces[Natts_pg_largeobject_metadata] = {0};
2329 Anum_pg_largeobject_metadata_oid,
2334 LargeObjectMetadataOidIndexId,
true,
2339 elog(
ERROR,
"could not find tuple for large object %u", loid);
2347 ownerId = form_lo_meta->lomowner;
2349 Anum_pg_largeobject_metadata_lomacl,
2362 noldmembers =
aclmembers(old_acl, &oldmembers);
2368 &grantorId, &avail_goptions);
/*
 * Format a printable name for the large object from its OID, bounded by
 * the destination size.
 * NOTE(review): sizeof(loname) is the buffer size only if loname is an
 * array declared in this scope; the declaration is not shown. Confirm it
 * is not a pointer.
 */
2374 snprintf(loname,
sizeof(loname),
"large object %u", loid);
2387 grantorId, ownerId);
2393 nnewmembers =
aclmembers(new_acl, &newmembers);
2396 replaces[Anum_pg_largeobject_metadata_lomacl - 1] =
true;
2397 values[Anum_pg_largeobject_metadata_lomacl - 1]
2401 values, nulls, replaces);
2410 form_lo_meta->oid, 0,
2412 noldmembers, oldmembers,
2413 nnewmembers, newmembers);
2434 if (IsTrueArrayType(pg_type_tuple))
2436 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2437 errmsg(
"cannot set privileges of array types"),
2438 errhint(
"Set the privileges of the element type instead.")));
2439 if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2441 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2442 errmsg(
"cannot set privileges of multirange types"),
2443 errhint(
"Set the privileges of the range type instead.")));
2447 pg_type_tuple->typtype != TYPTYPE_DOMAIN)
2449 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2450 errmsg(
"\"%s\" is not a domain",
2451 NameStr(pg_type_tuple->typname))));
2469 const char *parname;
2486 elog(
ERROR,
"cache lookup failed for parameter ACL %u",
2491 Anum_pg_parameter_acl_parname);
2495 ownerId = BOOTSTRAP_SUPERUSERID;
2502 Anum_pg_parameter_acl_paracl,
2516 noldmembers =
aclmembers(old_acl, &oldmembers);
2522 &grantorId, &avail_goptions);
2531 parameterId, grantorId,
2542 grantorId, ownerId);
2548 nnewmembers =
aclmembers(new_acl, &newmembers);
2564 bool nulls[Natts_pg_parameter_acl] = {0};
2565 bool replaces[Natts_pg_parameter_acl] = {0};
2567 replaces[Anum_pg_parameter_acl_paracl - 1] =
true;
2571 values, nulls, replaces);
2583 noldmembers, oldmembers,
2584 nnewmembers, newmembers);
2600 if (strcmp(privname,
"insert") == 0)
2602 if (strcmp(privname,
"select") == 0)
2604 if (strcmp(privname,
"update") == 0)
2606 if (strcmp(privname,
"delete") == 0)
2608 if (strcmp(privname,
"truncate") == 0)
2610 if (strcmp(privname,
"references") == 0)
2612 if (strcmp(privname,
"trigger") == 0)
2614 if (strcmp(privname,
"execute") == 0)
2616 if (strcmp(privname,
"usage") == 0)
2618 if (strcmp(privname,
"create") == 0)
2620 if (strcmp(privname,
"temporary") == 0)
2622 if (strcmp(privname,
"temp") == 0)
2624 if (strcmp(privname,
"connect") == 0)
2626 if (strcmp(privname,
"set") == 0)
2628 if (strcmp(privname,
"alter system") == 0)
2630 if (strcmp(privname,
"maintain") == 0)
2632 if (strcmp(privname,
"rule") == 0)
2635 (
errcode(ERRCODE_SYNTAX_ERROR),
2636 errmsg(
"unrecognized privilege type \"%s\"", privname)));
2656 return "REFERENCES";
2672 return "ALTER SYSTEM";
2676 elog(
ERROR,
"unrecognized privilege: %d", (
int) privilege);
2689 const char *objectname)
2698 const char *msg =
"???";
2703 msg =
gettext_noop(
"permission denied for aggregate %s");
2706 msg =
gettext_noop(
"permission denied for collation %s");
2712 msg =
gettext_noop(
"permission denied for conversion %s");
2715 msg =
gettext_noop(
"permission denied for database %s");
2721 msg =
gettext_noop(
"permission denied for event trigger %s");
2724 msg =
gettext_noop(
"permission denied for extension %s");
2727 msg =
gettext_noop(
"permission denied for foreign-data wrapper %s");
2730 msg =
gettext_noop(
"permission denied for foreign server %s");
2733 msg =
gettext_noop(
"permission denied for foreign table %s");
2736 msg =
gettext_noop(
"permission denied for function %s");
2742 msg =
gettext_noop(
"permission denied for language %s");
2745 msg =
gettext_noop(
"permission denied for large object %s");
2748 msg =
gettext_noop(
"permission denied for materialized view %s");
2751 msg =
gettext_noop(
"permission denied for operator class %s");
2754 msg =
gettext_noop(
"permission denied for operator %s");
2757 msg =
gettext_noop(
"permission denied for operator family %s");
2760 msg =
gettext_noop(
"permission denied for parameter %s");
2766 msg =
gettext_noop(
"permission denied for procedure %s");
2769 msg =
gettext_noop(
"permission denied for publication %s");
2772 msg =
gettext_noop(
"permission denied for routine %s");
2778 msg =
gettext_noop(
"permission denied for sequence %s");
2781 msg =
gettext_noop(
"permission denied for statistics object %s");
2784 msg =
gettext_noop(
"permission denied for subscription %s");
2790 msg =
gettext_noop(
"permission denied for tablespace %s");
2793 msg =
gettext_noop(
"permission denied for text search configuration %s");
2796 msg =
gettext_noop(
"permission denied for text search dictionary %s");
2823 elog(
ERROR,
"unsupported object type: %d", objtype);
2827 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2828 errmsg(msg, objectname)));
2833 const char *msg =
"???";
2853 msg =
gettext_noop(
"must be owner of event trigger %s");
2859 msg =
gettext_noop(
"must be owner of foreign-data wrapper %s");
2862 msg =
gettext_noop(
"must be owner of foreign server %s");
2865 msg =
gettext_noop(
"must be owner of foreign table %s");
2877 msg =
gettext_noop(
"must be owner of large object %s");
2880 msg =
gettext_noop(
"must be owner of materialized view %s");
2883 msg =
gettext_noop(
"must be owner of operator class %s");
2889 msg =
gettext_noop(
"must be owner of operator family %s");
2904 msg =
gettext_noop(
"must be owner of subscription %s");
2919 msg =
gettext_noop(
"must be owner of statistics object %s");
2925 msg =
gettext_noop(
"must be owner of text search configuration %s");
2928 msg =
gettext_noop(
"must be owner of text search dictionary %s");
2961 elog(
ERROR,
"unsupported object type: %d", objtype);
2965 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2966 errmsg(msg, objectname)));
2970 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2978 const char *objectname,
const char *colname)
2987 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2988 errmsg(
"permission denied for column \"%s\" of relation \"%s\"",
2989 colname, objectname)));
2996 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
3032 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3034 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3036 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3043 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3045 elog(
ERROR,
"grantable rights not supported for statistics objects");
3049 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3051 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3053 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3055 elog(
ERROR,
"grantable rights not supported for event triggers");
3059 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3061 elog(
ERROR,
"unrecognized object type: %d",
3110 case NamespaceRelationId:
3113 case TypeRelationId:
/*
 * RelationRelationId and LargeObjectMetadataRelationId are not expected
 * on this code path.
 * NOTE(review): Assert() is active only in assertion-enabled builds, so
 * these lines document and test the caller contract but are not a runtime
 * guard in production builds. Confirm that every caller handles these two
 * class ids before reaching this point.
 */
3119 Assert(classid != RelationRelationId);
3120 Assert(classid != LargeObjectMetadataRelationId);
3136 if (is_missing != NULL)
3144 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3145 errmsg(
"%s with OID %u does not exist",
3159 aclDatum = (
Datum) 0;
3167 result =
aclmask(acl, roleid, ownerId, mask, how);
3219 if (is_missing != NULL)
3227 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3228 errmsg(
"attribute %d of relation with OID %u does not exist",
3235 if (attributeForm->attisdropped)
3237 if (is_missing != NULL)
3246 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3247 errmsg(
"attribute %d of relation with OID %u does not exist",
3251 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3276 if (is_missing != NULL)
3285 errmsg(
"relation with OID %u does not exist",
3290 ownerId = classForm->relowner;
3297 result =
aclmask(acl, roleid, ownerId, mask, how);
3339 if (is_missing != NULL)
3348 errmsg(
"relation with OID %u does not exist",
3364 classForm->relkind != RELKIND_VIEW &&
3380 ownerId = classForm->relowner;
3387 switch (classForm->relkind)
3389 case RELKIND_SEQUENCE:
3396 aclDatum = (
Datum) 0;
3404 result =
aclmask(acl, roleid, ownerId, mask, how);
3482 Anum_pg_parameter_acl_paracl,
3488 aclDatum = (
Datum) 0;
3496 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3532 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3533 errmsg(
"parameter ACL with OID %u does not exist",
3537 Anum_pg_parameter_acl_paracl,
3543 aclDatum = (
Datum) 0;
3551 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3596 pg_lo_meta =
table_open(LargeObjectMetadataRelationId,
3600 Anum_pg_largeobject_metadata_oid,
3605 LargeObjectMetadataOidIndexId,
true,
3606 snapshot, 1, entry);
3611 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3612 errmsg(
"large object %u does not exist", lobj_oid)));
3616 aclDatum =
heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3623 aclDatum = (
Datum) 0;
3631 result =
aclmask(acl, roleid, ownerId, mask, how);
3697 if (is_missing != NULL)
3705 (
errcode(ERRCODE_UNDEFINED_SCHEMA),
3706 errmsg(
"schema with OID %u does not exist", nsp_oid)));
3711 aclDatum =
SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3717 aclDatum = (
Datum) 0;
3725 result =
aclmask(acl, roleid, ownerId, mask, how);
3771 if (is_missing != NULL)
3779 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3780 errmsg(
"type with OID %u does not exist",
3789 if (IsTrueArrayType(typeForm))
3791 Oid elttype_oid = typeForm->typelem;
3798 if (is_missing != NULL)
3806 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3807 errmsg(
"type with OID %u does not exist",
3818 if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3827 if (is_missing != NULL)
3835 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3836 errmsg(
"type with OID %u does not exist",
3845 ownerId = typeForm->typowner;
3848 Anum_pg_type_typacl, &isNull);
3853 aclDatum = (
Datum) 0;
3861 result =
aclmask(acl, roleid, ownerId, mask, how);
3978 if (is_missing != NULL)
3987 errmsg(
"relation with OID %u does not exist",
3992 ownerId = classForm->relowner;
3993 nattrs = classForm->relnatts;
4003 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4030 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
/*
 * Large objects: rewrite classid from LargeObjectRelationId to
 * LargeObjectMetadataRelationId before it is used further.
 * NOTE(review): presumably because owner and ACL data for large objects
 * are kept in the metadata catalog (lomowner / lomacl are read from it
 * elsewhere in this file). Confirm against the lines that follow.
 */
4140 if (classid == LargeObjectRelationId)
4141 classid = LargeObjectMetadataRelationId;
4152 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4183 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4213 bool result =
false;
4232 bool result =
false;
4270 Anum_pg_default_acl_defaclacl,
4308 defaclobjtype = DEFACLOBJ_RELATION;
4312 defaclobjtype = DEFACLOBJ_SEQUENCE;
4316 defaclobjtype = DEFACLOBJ_FUNCTION;
4320 defaclobjtype = DEFACLOBJ_TYPE;
4324 defaclobjtype = DEFACLOBJ_NAMESPACE;
4336 if (glob_acl == NULL && schema_acl == NULL)
4343 if (glob_acl == NULL)
4347 result =
aclmerge(glob_acl, schema_acl, ownerId);
4401 if (classoid == RelationRelationId)
4410 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4418 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4419 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4420 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4430 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4433 AttrNumber nattrs = pg_class_tuple->relnatts;
4435 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4455 Anum_pg_attribute_attacl,
4482 else if (classoid == LargeObjectRelationId)
4501 Anum_pg_largeobject_metadata_oid,
4506 LargeObjectMetadataOidIndexId,
true,
4511 elog(
ERROR,
"could not find tuple for large object %u", objoid);
4514 Anum_pg_largeobject_metadata_lomacl,
4534 elog(
ERROR,
"cache lookup failed for %s %u",
4562 if (classoid == RelationRelationId)
4569 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4577 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4578 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4579 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4589 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4592 AttrNumber nattrs = pg_class_tuple->relnatts;
4594 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4678 Anum_pg_init_privs_objoid,
4682 Anum_pg_init_privs_classoid,
4686 Anum_pg_init_privs_objsubid,
4700 bool nulls[Natts_pg_init_privs] = {0};
4701 bool replace[Natts_pg_init_privs] = {0};
4707 replace[Anum_pg_init_privs_initprivs - 1] =
true;
4723 bool nulls[Natts_pg_init_privs] = {0};
4739 values[Anum_pg_init_privs_privtype - 1] =
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Acl * acldefault(ObjectType objtype, Oid ownerId)
Acl * make_empty_acl(void)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
void recordExtObjInitPriv(Oid objoid, Oid classoid)
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)