82#include "utils/fmgroids.h"
131 int num_col_privileges);
135 int num_col_privileges);
139 bool all_privs,
AclMode privileges,
140 Oid objectId,
Oid grantorId,
185 Oid grantorId,
Oid ownerId)
210 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
211 errmsg(
"grant options can only be granted to roles")));
226 newer_acl =
aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
285 elog(
ERROR,
"grantable rights not supported for event triggers");
295 elog(
ERROR,
"unrecognized object type: %d", objtype);
307 if (
pg_aclmask(objtype, objectId, att_number, grantorId,
328 if (this_privileges == 0)
332 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
333 errmsg(
"no privileges were granted for column \"%s\" of relation \"%s\"",
337 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
338 errmsg(
"no privileges were granted for \"%s\"",
341 else if (!all_privs && this_privileges != privileges)
345 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
346 errmsg(
"not all privileges were granted for column \"%s\" of relation \"%s\"",
350 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
351 errmsg(
"not all privileges were granted for \"%s\"",
357 if (this_privileges == 0)
361 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
362 errmsg(
"no privileges could be revoked for column \"%s\" of relation \"%s\"",
366 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
367 errmsg(
"no privileges could be revoked for \"%s\"",
370 else if (!all_privs && this_privileges != privileges)
374 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
375 errmsg(
"not all privileges could be revoked for column \"%s\" of relation \"%s\"",
379 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
380 errmsg(
"not all privileges could be revoked for \"%s\"",
385 return this_privileges;
396 const char *errormsg;
411 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
412 errmsg(
"grantor must be current user")));
422 switch (
stmt->targtype)
433 elog(
ERROR,
"unrecognized GrantStmt.targtype: %d",
434 (
int)
stmt->targtype);
449 foreach(cell,
stmt->grantees)
470 switch (
stmt->objtype)
480 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
484 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
488 errormsg =
gettext_noop(
"invalid privilege type %s for database");
492 errormsg =
gettext_noop(
"invalid privilege type %s for domain");
496 errormsg =
gettext_noop(
"invalid privilege type %s for function");
500 errormsg =
gettext_noop(
"invalid privilege type %s for language");
504 errormsg =
gettext_noop(
"invalid privilege type %s for large object");
508 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
512 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
516 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
520 errormsg =
gettext_noop(
"invalid privilege type %s for tablespace");
524 errormsg =
gettext_noop(
"invalid privilege type %s for type");
528 errormsg =
gettext_noop(
"invalid privilege type %s for foreign-data wrapper");
532 errormsg =
gettext_noop(
"invalid privilege type %s for foreign server");
536 errormsg =
gettext_noop(
"invalid privilege type %s for parameter");
539 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
540 (
int)
stmt->objtype);
561 foreach(cell,
stmt->privileges)
574 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
575 errmsg(
"column privileges are only valid for relations")));
581 elog(
ERROR,
"AccessPriv node must specify privilege or columns");
584 if (priv & ~((
AclMode) all_privileges))
586 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
644 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
679 foreach(cell, objnames)
696 foreach(cell, objnames)
715 foreach(cell, objnames)
733 foreach(cell, objnames)
781 foreach(cell, nspnames)
819 Anum_pg_proc_pronamespace,
826 Anum_pg_proc_prokind,
831 Anum_pg_proc_prokind,
851 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
874 Anum_pg_class_relnamespace,
878 Anum_pg_class_relkind,
913 const char *errormsg;
916 foreach(cell,
stmt->options)
920 if (strcmp(defel->
defname,
"schemas") == 0)
926 else if (strcmp(defel->
defname,
"roles") == 0)
937 nspnames = (
List *) dnspnames->
arg;
939 rolespecs = (
List *) drolespecs->
arg;
957 foreach(cell,
action->grantees)
982 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
986 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
990 errormsg =
gettext_noop(
"invalid privilege type %s for function");
994 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
998 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
1002 errormsg =
gettext_noop(
"invalid privilege type %s for type");
1006 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
1009 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
1031 foreach(cell,
action->privileges)
1038 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1039 errmsg(
"default privileges cannot be set for columns")));
1042 elog(
ERROR,
"AccessPriv node must specify privilege");
1045 if (priv & ~((
AclMode) all_privileges))
1047 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1054 if (rolespecs ==
NIL)
1066 foreach(rolecell, rolespecs)
1074 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1075 errmsg(
"permission denied to change default privileges")));
1090 if (nspnames ==
NIL)
1102 foreach(nspcell, nspnames)
1166 objtype = DEFACLOBJ_RELATION;
1172 objtype = DEFACLOBJ_SEQUENCE;
1178 objtype = DEFACLOBJ_FUNCTION;
1184 objtype = DEFACLOBJ_TYPE;
1192 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1193 errmsg(
"cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1194 objtype = DEFACLOBJ_NAMESPACE;
1200 elog(
ERROR,
"unrecognized object type: %d",
1218 Anum_pg_default_acl_defaclacl,
1232 if (old_acl != NULL)
1239 noldmembers =
aclmembers(old_acl, &oldmembers);
1282 myself.
classId = DefaultAclRelationId;
1292 bool nulls[Natts_pg_default_acl] = {0};
1293 bool replaces[Natts_pg_default_acl] = {0};
1300 Anum_pg_default_acl_oid);
1316 replaces[Anum_pg_default_acl_defaclacl - 1] =
true;
1319 values, nulls, replaces);
1336 myself.
classId = DefaultAclRelationId;
1340 referenced.
classId = NamespaceRelationId;
1351 nnewmembers =
aclmembers(new_acl, &newmembers);
1356 noldmembers, oldmembers,
1357 nnewmembers, newmembers);
1395 if (classid == DefaultAclRelationId)
1408 Anum_pg_default_acl_oid,
1418 elog(
ERROR,
"could not find tuple for default ACL %u", objid);
1422 iacls.
roleid = pg_default_acl_tuple->defaclrole;
1423 iacls.
nspid = pg_default_acl_tuple->defaclnamespace;
1425 switch (pg_default_acl_tuple->defaclobjtype)
1427 case DEFACLOBJ_RELATION:
1430 case DEFACLOBJ_SEQUENCE:
1433 case DEFACLOBJ_FUNCTION:
1436 case DEFACLOBJ_TYPE:
1439 case DEFACLOBJ_NAMESPACE:
1444 elog(
ERROR,
"unexpected default ACL type: %d",
1445 (
int) pg_default_acl_tuple->defaclobjtype);
1468 case RelationRelationId:
1472 case DatabaseRelationId:
1475 case TypeRelationId:
1478 case ProcedureRelationId:
1481 case LanguageRelationId:
1484 case LargeObjectRelationId:
1487 case NamespaceRelationId:
1490 case TableSpaceRelationId:
1493 case ForeignServerRelationId:
1496 case ForeignDataWrapperRelationId:
1499 case ParameterAclRelationId:
1503 elog(
ERROR,
"unexpected object class %u", classid);
1531 int num_col_privileges)
1535 foreach(cell, colnames)
1543 (
errcode(ERRCODE_UNDEFINED_COLUMN),
1544 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
/*
 * Range check on attnum before it is used as an array index: a value
 * <= 0 or >= num_col_privileges is reported as an ERROR.
 * NOTE(review): this protects the write below only if num_col_privileges
 * is the allocated length of col_privileges and elog(ERROR) does not
 * return; neither is visible in this excerpt -- confirm against the
 * caller and the allocation site.
 */
1547 if (attnum <= 0 || attnum >= num_col_privileges)
1548 elog(
ERROR,
"column number out of range");
/* OR the requested privilege bits into the slot for this column. */
1549 col_privileges[
attnum] |= this_privileges;
1564 int num_col_privileges)
1570 curr_att <= classForm->relnatts;
1580 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1587 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1588 curr_att, table_oid);
1623 bool nulls[Natts_pg_attribute] = {0};
1624 bool replaces[Natts_pg_attribute] = {0};
1634 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1642 aclDatum =
SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1655 noldmembers =
aclmembers(old_acl, &oldmembers);
1664 merged_acl =
aclconcat(old_rel_acl, old_acl);
1668 merged_acl, ownerId,
1669 &grantorId, &avail_goptions);
1687 NameStr(pg_attribute_tuple->attname));
1695 col_privileges, grantorId,
1702 nnewmembers =
aclmembers(new_acl, &newmembers);
1720 nulls[Anum_pg_attribute_attacl - 1] =
true;
1721 need_update = !isNull;
1723 replaces[Anum_pg_attribute_attacl - 1] =
true;
1728 values, nulls, replaces);
1734 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1739 noldmembers, oldmembers,
1740 nnewmembers, newmembers);
1769 int num_col_privileges;
1770 bool have_col_privileges;
1781 elog(
ERROR,
"cache lookup failed for relation %u", relOid);
1785 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1786 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1788 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1789 errmsg(
"\"%s\" is an index",
1790 NameStr(pg_class_tuple->relname))));
1793 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1795 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1796 errmsg(
"\"%s\" is a composite type",
1797 NameStr(pg_class_tuple->relname))));
1801 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1803 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1804 errmsg(
"\"%s\" is not a sequence",
1805 NameStr(pg_class_tuple->relname))));
1810 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1826 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1841 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1842 errmsg(
"sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1843 NameStr(pg_class_tuple->relname))));
1858 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1859 errmsg(
"invalid privilege type %s for table",
1872 have_col_privileges =
false;
1887 num_col_privileges);
1888 have_col_privileges =
true;
1895 ownerId = pg_class_tuple->relowner;
1900 switch (pg_class_tuple->relkind)
1902 case RELKIND_SEQUENCE:
1917 noldmembers =
aclmembers(old_acl, &oldmembers);
1921 old_rel_acl =
aclcopy(old_acl);
1933 bool nulls[Natts_pg_class] = {0};
1934 bool replaces[Natts_pg_class] = {0};
1942 &grantorId, &avail_goptions);
1944 switch (pg_class_tuple->relkind)
1946 case RELKIND_SEQUENCE:
1961 relOid, grantorId, objtype,
1962 NameStr(pg_class_tuple->relname),
1981 nnewmembers =
aclmembers(new_acl, &newmembers);
1984 replaces[Anum_pg_class_relacl - 1] =
true;
1988 values, nulls, replaces);
1999 noldmembers, oldmembers,
2000 nnewmembers, newmembers);
2012 foreach(cell_colprivs, istmt->
col_privs)
2023 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2024 errmsg(
"invalid privilege type %s for column",
2027 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2036 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2037 errmsg(
"sequence \"%s\" only supports SELECT column privileges",
2038 NameStr(pg_class_tuple->relname))));
2046 num_col_privileges);
2047 have_col_privileges =
true;
2050 if (have_col_privileges)
2054 for (
i = 0;
i < num_col_privileges;
i++)
2060 NameStr(pg_class_tuple->relname),
2070 pfree(col_privileges);
2127 object_check(istmt, tuple);
2151 noldmembers =
aclmembers(old_acl, &oldmembers);
2157 &grantorId, &avail_goptions);
2179 grantorId, ownerId);
2185 nnewmembers =
aclmembers(new_acl, &newmembers);
2204 noldmembers, oldmembers,
2205 nnewmembers, newmembers);
2225 if (!pg_language_tuple->lanpltrusted)
2227 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2228 errmsg(
"language \"%s\" is not trusted",
2229 NameStr(pg_language_tuple->lanname)),
2230 errdetail(
"GRANT and REVOKE are not allowed on untrusted languages, "
2231 "because only superusers can use untrusted languages.")));
2243 relation =
table_open(LargeObjectMetadataRelationId,
2260 Datum values[Natts_pg_largeobject_metadata] = {0};
2261 bool nulls[Natts_pg_largeobject_metadata] = {0};
2262 bool replaces[Natts_pg_largeobject_metadata] = {0};
2273 Anum_pg_largeobject_metadata_oid,
2278 LargeObjectMetadataOidIndexId,
true,
2283 elog(
ERROR,
"could not find tuple for large object %u", loid);
2291 ownerId = form_lo_meta->lomowner;
2293 Anum_pg_largeobject_metadata_lomacl,
2306 noldmembers =
aclmembers(old_acl, &oldmembers);
2312 &grantorId, &avail_goptions);
/*
 * Formats the display name "large object <oid>" with the write bounded by
 * sizeof(loname).
 * NOTE(review): sizeof(loname) is the buffer size only if loname is
 * declared as an array in this scope (not a pointer); the declaration is
 * not part of this excerpt -- confirm.
 */
2318 snprintf(loname,
sizeof(loname),
"large object %u", loid);
2331 grantorId, ownerId);
2337 nnewmembers =
aclmembers(new_acl, &newmembers);
2340 replaces[Anum_pg_largeobject_metadata_lomacl - 1] =
true;
2341 values[Anum_pg_largeobject_metadata_lomacl - 1]
2345 values, nulls, replaces);
2354 form_lo_meta->oid, 0,
2356 noldmembers, oldmembers,
2357 nnewmembers, newmembers);
2378 if (IsTrueArrayType(pg_type_tuple))
2380 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2381 errmsg(
"cannot set privileges of array types"),
2382 errhint(
"Set the privileges of the element type instead.")));
2383 if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2385 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2386 errmsg(
"cannot set privileges of multirange types"),
2387 errhint(
"Set the privileges of the range type instead.")));
2405 const char *parname;
2422 elog(
ERROR,
"cache lookup failed for parameter ACL %u",
2427 Anum_pg_parameter_acl_parname);
/*
 * The owner is set to the constant BOOTSTRAP_SUPERUSERID rather than a
 * value read from a catalog tuple.
 * NOTE(review): the neighbouring fragments refer to parameter ACLs, which
 * suggests these objects carry no per-object owner -- confirm before
 * relying on owner-based checks for them.
 */
2431 ownerId = BOOTSTRAP_SUPERUSERID;
2438 Anum_pg_parameter_acl_paracl,
2452 noldmembers =
aclmembers(old_acl, &oldmembers);
2458 &grantorId, &avail_goptions);
2467 parameterId, grantorId,
2478 grantorId, ownerId);
2484 nnewmembers =
aclmembers(new_acl, &newmembers);
2500 bool nulls[Natts_pg_parameter_acl] = {0};
2501 bool replaces[Natts_pg_parameter_acl] = {0};
2503 replaces[Anum_pg_parameter_acl_paracl - 1] =
true;
2507 values, nulls, replaces);
2519 noldmembers, oldmembers,
2520 nnewmembers, newmembers);
/*
 * Privilege-name matching: privname is compared with strcmp() against a
 * fixed list of lowercase keywords, so each comparison is exact and
 * case-sensitive at this point.  Both "temporary" and "temp" appear in the
 * list, as does the two-word name "alter system".
 * NOTE(review): the statement executed on each match is not part of this
 * excerpt, and whether privname is case-folded before it reaches these
 * comparisons is not visible here -- confirm.
 */
2536 if (strcmp(privname,
"insert") == 0)
2538 if (strcmp(privname,
"select") == 0)
2540 if (strcmp(privname,
"update") == 0)
2542 if (strcmp(privname,
"delete") == 0)
2544 if (strcmp(privname,
"truncate") == 0)
2546 if (strcmp(privname,
"references") == 0)
2548 if (strcmp(privname,
"trigger") == 0)
2550 if (strcmp(privname,
"execute") == 0)
2552 if (strcmp(privname,
"usage") == 0)
2554 if (strcmp(privname,
"create") == 0)
2556 if (strcmp(privname,
"temporary") == 0)
2558 if (strcmp(privname,
"temp") == 0)
2560 if (strcmp(privname,
"connect") == 0)
2562 if (strcmp(privname,
"set") == 0)
2564 if (strcmp(privname,
"alter system") == 0)
2566 if (strcmp(privname,
"maintain") == 0)
/*
 * Error arguments for an unrecognized name: ERRCODE_SYNTAX_ERROR, with the
 * offending name passed as a "%s" argument (quoted in the message) and
 * never used as the format string itself.
 * NOTE(review): presumably reached only when no keyword above matched; the
 * enclosing report call and its level are outside this excerpt.
 */
2569 (
errcode(ERRCODE_SYNTAX_ERROR),
2570 errmsg(
"unrecognized privilege type \"%s\"", privname)));
2590 return "REFERENCES";
2606 return "ALTER SYSTEM";
2610 elog(
ERROR,
"unrecognized privilege: %d", (
int) privilege);
2623 const char *objectname)
2632 const char *msg =
"???";
2637 msg =
gettext_noop(
"permission denied for aggregate %s");
2640 msg =
gettext_noop(
"permission denied for collation %s");
2646 msg =
gettext_noop(
"permission denied for conversion %s");
2649 msg =
gettext_noop(
"permission denied for database %s");
2655 msg =
gettext_noop(
"permission denied for event trigger %s");
2658 msg =
gettext_noop(
"permission denied for extension %s");
2661 msg =
gettext_noop(
"permission denied for foreign-data wrapper %s");
2664 msg =
gettext_noop(
"permission denied for foreign server %s");
2667 msg =
gettext_noop(
"permission denied for foreign table %s");
2670 msg =
gettext_noop(
"permission denied for function %s");
2676 msg =
gettext_noop(
"permission denied for language %s");
2679 msg =
gettext_noop(
"permission denied for large object %s");
2682 msg =
gettext_noop(
"permission denied for materialized view %s");
2685 msg =
gettext_noop(
"permission denied for operator class %s");
2688 msg =
gettext_noop(
"permission denied for operator %s");
2691 msg =
gettext_noop(
"permission denied for operator family %s");
2694 msg =
gettext_noop(
"permission denied for parameter %s");
2700 msg =
gettext_noop(
"permission denied for procedure %s");
2703 msg =
gettext_noop(
"permission denied for publication %s");
2706 msg =
gettext_noop(
"permission denied for routine %s");
2712 msg =
gettext_noop(
"permission denied for sequence %s");
2715 msg =
gettext_noop(
"permission denied for statistics object %s");
2718 msg =
gettext_noop(
"permission denied for subscription %s");
2724 msg =
gettext_noop(
"permission denied for tablespace %s");
2727 msg =
gettext_noop(
"permission denied for text search configuration %s");
2730 msg =
gettext_noop(
"permission denied for text search dictionary %s");
2757 elog(
ERROR,
"unsupported object type: %d", objtype);
2761 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2762 errmsg(msg, objectname)));
2767 const char *msg =
"???";
2787 msg =
gettext_noop(
"must be owner of event trigger %s");
2793 msg =
gettext_noop(
"must be owner of foreign-data wrapper %s");
2796 msg =
gettext_noop(
"must be owner of foreign server %s");
2799 msg =
gettext_noop(
"must be owner of foreign table %s");
2811 msg =
gettext_noop(
"must be owner of large object %s");
2814 msg =
gettext_noop(
"must be owner of materialized view %s");
2817 msg =
gettext_noop(
"must be owner of operator class %s");
2823 msg =
gettext_noop(
"must be owner of operator family %s");
2838 msg =
gettext_noop(
"must be owner of subscription %s");
2853 msg =
gettext_noop(
"must be owner of statistics object %s");
2859 msg =
gettext_noop(
"must be owner of text search configuration %s");
2862 msg =
gettext_noop(
"must be owner of text search dictionary %s");
2895 elog(
ERROR,
"unsupported object type: %d", objtype);
2899 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2900 errmsg(msg, objectname)));
2904 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2912 const char *objectname,
const char *colname)
2921 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2922 errmsg(
"permission denied for column \"%s\" of relation \"%s\"",
2923 colname, objectname)));
2930 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2966 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
2968 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
2970 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
2977 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
2979 elog(
ERROR,
"grantable rights not supported for statistics objects");
2983 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
2985 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
2987 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
2989 elog(
ERROR,
"grantable rights not supported for event triggers");
2993 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
2995 elog(
ERROR,
"unrecognized object type: %d",
3044 case NamespaceRelationId:
3047 case TypeRelationId:
/*
 * Two catalog classes are asserted never to arrive on this path:
 * RelationRelationId and LargeObjectMetadataRelationId.
 * NOTE(review): presumably those classes have their own ACL lookups.
 * Assert() is a macro whose definition is not shown here; if it expands to
 * nothing in non-assert builds, these lines document the contract but are
 * not a runtime guard -- confirm callers cannot pass either class.
 */
3053 Assert(classid != RelationRelationId);
3054 Assert(classid != LargeObjectMetadataRelationId);
3070 if (is_missing != NULL)
3078 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3079 errmsg(
"%s with OID %u does not exist",
3093 aclDatum = (
Datum) 0;
3101 result =
aclmask(acl, roleid, ownerId, mask, how);
3153 if (is_missing != NULL)
3161 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3162 errmsg(
"attribute %d of relation with OID %u does not exist",
3169 if (attributeForm->attisdropped)
3171 if (is_missing != NULL)
3180 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3181 errmsg(
"attribute %d of relation with OID %u does not exist",
3185 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3210 if (is_missing != NULL)
3219 errmsg(
"relation with OID %u does not exist",
3224 ownerId = classForm->relowner;
3231 result =
aclmask(acl, roleid, ownerId, mask, how);
3273 if (is_missing != NULL)
3282 errmsg(
"relation with OID %u does not exist",
3298 classForm->relkind != RELKIND_VIEW &&
3314 ownerId = classForm->relowner;
3321 switch (classForm->relkind)
3323 case RELKIND_SEQUENCE:
3330 aclDatum = (
Datum) 0;
3338 result =
aclmask(acl, roleid, ownerId, mask, how);
3416 Anum_pg_parameter_acl_paracl,
3422 aclDatum = (
Datum) 0;
3430 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3466 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3467 errmsg(
"parameter ACL with OID %u does not exist",
3471 Anum_pg_parameter_acl_paracl,
3477 aclDatum = (
Datum) 0;
3485 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3530 pg_lo_meta =
table_open(LargeObjectMetadataRelationId,
3534 Anum_pg_largeobject_metadata_oid,
3539 LargeObjectMetadataOidIndexId,
true,
3540 snapshot, 1, entry);
3545 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3546 errmsg(
"large object %u does not exist", lobj_oid)));
3550 aclDatum =
heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3557 aclDatum = (
Datum) 0;
3565 result =
aclmask(acl, roleid, ownerId, mask, how);
3631 if (is_missing != NULL)
3639 (
errcode(ERRCODE_UNDEFINED_SCHEMA),
3640 errmsg(
"schema with OID %u does not exist", nsp_oid)));
3645 aclDatum =
SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3651 aclDatum = (
Datum) 0;
3659 result =
aclmask(acl, roleid, ownerId, mask, how);
3705 if (is_missing != NULL)
3713 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3714 errmsg(
"type with OID %u does not exist",
3723 if (IsTrueArrayType(typeForm))
3725 Oid elttype_oid = typeForm->typelem;
3732 if (is_missing != NULL)
3740 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3741 errmsg(
"type with OID %u does not exist",
3752 if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3761 if (is_missing != NULL)
3769 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3770 errmsg(
"type with OID %u does not exist",
3779 ownerId = typeForm->typowner;
3782 Anum_pg_type_typacl, &isNull);
3787 aclDatum = (
Datum) 0;
3795 result =
aclmask(acl, roleid, ownerId, mask, how);
3912 if (is_missing != NULL)
3921 errmsg(
"relation with OID %u does not exist",
3926 ownerId = classForm->relowner;
3927 nattrs = classForm->relnatts;
3937 for (curr_att = 1; curr_att <= nattrs; curr_att++)
3964 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
/*
 * A classid of LargeObjectRelationId is rewritten to
 * LargeObjectMetadataRelationId.
 * NOTE(review): presumably because the ownership data for large objects is
 * kept in the metadata catalog; the code that consumes classid afterwards
 * is not part of this excerpt -- confirm.
 */
4074 if (classid == LargeObjectRelationId)
4075 classid = LargeObjectMetadataRelationId;
4086 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4117 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4147 bool result =
false;
4166 bool result =
false;
4204 Anum_pg_default_acl_defaclacl,
4242 defaclobjtype = DEFACLOBJ_RELATION;
4246 defaclobjtype = DEFACLOBJ_SEQUENCE;
4250 defaclobjtype = DEFACLOBJ_FUNCTION;
4254 defaclobjtype = DEFACLOBJ_TYPE;
4258 defaclobjtype = DEFACLOBJ_NAMESPACE;
4270 if (glob_acl == NULL && schema_acl == NULL)
4277 if (glob_acl == NULL)
4281 result =
aclmerge(glob_acl, schema_acl, ownerId);
4335 if (classoid == RelationRelationId)
4344 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4352 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4353 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4354 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4364 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4367 AttrNumber nattrs = pg_class_tuple->relnatts;
4369 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4389 Anum_pg_attribute_attacl,
4416 else if (classoid == LargeObjectRelationId)
4435 Anum_pg_largeobject_metadata_oid,
4440 LargeObjectMetadataOidIndexId,
true,
4445 elog(
ERROR,
"could not find tuple for large object %u", objoid);
4448 Anum_pg_largeobject_metadata_lomacl,
4469 elog(
ERROR,
"cache lookup failed for %s %u",
4497 if (classoid == RelationRelationId)
4504 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4512 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4513 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4514 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4524 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4527 AttrNumber nattrs = pg_class_tuple->relnatts;
4529 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4616 nnewmembers =
aclmembers(new_acl, &newmembers);
4622 Anum_pg_init_privs_objoid,
4626 Anum_pg_init_privs_classoid,
4630 Anum_pg_init_privs_objsubid,
4644 bool nulls[Natts_pg_init_privs] = {0};
4645 bool replace[Natts_pg_init_privs] = {0};
4651 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4655 noldmembers =
aclmembers(old_acl, &oldmembers);
4658 noldmembers, oldmembers,
4659 nnewmembers, newmembers);
4662 if (new_acl &&
ACL_NUM(new_acl) != 0)
4665 replace[Anum_pg_init_privs_initprivs - 1] =
true;
4681 bool nulls[Natts_pg_init_privs] = {0};
4689 if (new_acl &&
ACL_NUM(new_acl) != 0)
4697 values[Anum_pg_init_privs_privtype - 1] =
4711 noldmembers, oldmembers,
4712 nnewmembers, newmembers);
4751 Anum_pg_init_privs_objoid,
4755 Anum_pg_init_privs_classoid,
4759 Anum_pg_init_privs_objsubid,
4781 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4790 new_acl =
aclnewowner(old_acl, oldroleid, newroleid);
4796 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
4803 bool nulls[Natts_pg_init_privs] = {0};
4804 bool replaces[Natts_pg_init_privs] = {0};
4808 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
4811 values, nulls, replaces);
4818 noldmembers =
aclmembers(old_acl, &oldmembers);
4819 nnewmembers =
aclmembers(new_acl, &newmembers);
4822 noldmembers, oldmembers,
4823 nnewmembers, newmembers);
4862 Anum_pg_init_privs_objoid,
4866 Anum_pg_init_privs_classoid,
4870 Anum_pg_init_privs_objsubid,
4892 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4902 noldmembers =
aclmembers(old_acl, &oldmembers);
4908 elog(
ERROR,
"cache lookup failed for %s %u",
4919 if (old_acl != NULL)
4932 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
4939 bool nulls[Natts_pg_init_privs] = {0};
4940 bool replaces[Natts_pg_init_privs] = {0};
4944 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
4947 values, nulls, replaces);
4954 nnewmembers =
aclmembers(new_acl, &newmembers);
4957 noldmembers, oldmembers,
4958 nnewmembers, newmembers);
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
Acl * acldefault(ObjectType objtype, Oid ownerId)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
Acl * make_empty_acl(void)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
#define ACLITEM_ALL_PRIV_BITS
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
void RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
void ReplaceRoleInInitPriv(Oid oldroleid, Oid newroleid, Oid classid, Oid objid, int32 objsubid)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
void recordExtObjInitPriv(Oid objoid, Oid classoid)
/*
 * Signature index: every entry below is a bare declaration (return type,
 * name, parameter list). No bodies are shown here, so nothing in this list
 * can be reviewed for logic.
 * NOTE(review): this looks like a generated cross-reference list rather
 * than hand-written code -- confirm against the real source file.
 */
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
/*
 * Same parameters as pg_class_aclmask further down, plus a trailing
 * bool *is_missing. Presumably an out-flag reporting a vanished object
 * instead of raising an error -- TODO confirm against the definition.
 */
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
/* Takes an AclResult plus the object's type and name; returns nothing. */
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
/*
 * The *_aclcheck entries return an AclResult to the caller.
 * NOTE(review): presumably the caller must compare that result with
 * ACLCHECK_OK and report a failure itself (aclcheck_error above accepts an
 * AclResult) -- verify at call sites that the result is never ignored.
 */
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
/* Returns bool, unlike the AclResult-returning *_aclcheck entries. */
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
/* pg_attribute_aclcheck with an added trailing bool *is_missing parameter. */
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Parameter(InternalGrant *istmt)
static const char * privilege_to_string(AclMode privilege)
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
void aclcheck_error_type(AclResult aclerr, Oid typeOid)
bool has_createrole_privilege(Oid roleid)
static void ExecGrant_Relation(InternalGrant *istmt)
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
/* No parameter list is shown: a bool variable, not a function. */
bool binary_upgrade_record_init_privs
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
/* object_aclmask with an added trailing bool *is_missing parameter. */
static AclMode object_aclmask_ext(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
void removeExtObjInitPriv(Oid objoid, Oid classoid)
#define InvalidAttrNumber
static Datum values[MAXATTR]
#define TextDatumGetCString(d)
#define Assert(condition)
#define OidIsValid(objectId)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)
#define palloc0_array(type, count)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
char * convert_GUC_name_for_parameter_acl(const char *name)
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
if(TABLE==NULL||TABLE_index==NULL)
List * lappend(List *list, void *datum)
List * list_concat(List *list1, const List *list2)
List * lappend_oid(List *list, Oid datum)
void UnlockTuple(Relation relation, ItemPointer tid, LOCKMODE lockmode)
#define InplaceUpdateTupleLock
char * get_rel_name(Oid relid)
AttrNumber get_attnum(Oid relid, const char *attname)
Oid get_element_type(Oid typid)
Oid get_multirange_range(Oid multirangeOid)
TypeName * makeTypeNameFromNameList(List *names)
void pfree(void *pointer)
void * palloc0(Size size)
#define IsBootstrapProcessingMode()
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
bool isTempNamespace(Oid namespaceId)
Oid get_namespace_oid(const char *nspname, bool missing_ok)
#define RangeVarGetRelid(relation, lockmode, missing_ok)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_oid(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
const char * get_object_class_descr(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
ObjectAddress get_object_address(ObjectType objtype, Node *object, Relation *relp, LOCKMODE lockmode, bool missing_ok)
@ OBJECT_PUBLICATION_NAMESPACE
@ ACL_TARGET_ALL_IN_SCHEMA
FormData_pg_attribute * Form_pg_attribute
FormData_pg_authid * Form_pg_authid
static PgChecksumMode mode
FormData_pg_class * Form_pg_class
FormData_pg_default_acl * Form_pg_default_acl
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
FormData_pg_language * Form_pg_language
#define list_make1_oid(x1)
FormData_pg_namespace * Form_pg_namespace
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
FormData_pg_proc * Form_pg_proc
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void updateInitAclDependencies(Oid classId, Oid objectId, int32 objsubId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
FormData_pg_type * Form_pg_type
#define ERRCODE_UNDEFINED_TABLE
static Datum PointerGetDatum(const void *X)
static Name DatumGetName(Datum X)
static Oid DatumGetObjectId(Datum X)
static Datum Int16GetDatum(int16 X)
static Datum ObjectIdGetDatum(Oid X)
static Pointer DatumGetPointer(Datum X)
static Datum Int32GetDatum(int32 X)
static Datum CharGetDatum(char X)
#define RelationGetDescr(relation)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
#define BTEqualStrategyNumber
bool superuser_arg(Oid roleid)
#define FirstLowInvalidHeapAttributeNumber
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCacheLocked1(int cacheId, Datum key1)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
static void table_endscan(TableScanDesc scan)
text * cstring_to_text(const char *s)
void CommandCounterIncrement(void)