81 #include "utils/fmgroids.h"
130 int num_col_privileges);
134 int num_col_privileges);
138 bool all_privs,
AclMode privileges,
139 Oid objectId,
Oid grantorId,
184 Oid grantorId,
Oid ownerId)
209 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
210 errmsg(
"grant options can only be granted to roles")));
225 newer_acl =
aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
284 elog(
ERROR,
"grantable rights not supported for event triggers");
294 elog(
ERROR,
"unrecognized object type: %d", objtype);
306 if (
pg_aclmask(objtype, objectId, att_number, grantorId,
327 if (this_privileges == 0)
331 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
332 errmsg(
"no privileges were granted for column \"%s\" of relation \"%s\"",
336 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
337 errmsg(
"no privileges were granted for \"%s\"",
340 else if (!all_privs && this_privileges != privileges)
344 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
345 errmsg(
"not all privileges were granted for column \"%s\" of relation \"%s\"",
349 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
350 errmsg(
"not all privileges were granted for \"%s\"",
356 if (this_privileges == 0)
360 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
361 errmsg(
"no privileges could be revoked for column \"%s\" of relation \"%s\"",
365 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
366 errmsg(
"no privileges could be revoked for \"%s\"",
369 else if (!all_privs && this_privileges != privileges)
373 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
374 errmsg(
"not all privileges could be revoked for column \"%s\" of relation \"%s\"",
378 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
379 errmsg(
"not all privileges could be revoked for \"%s\"",
384 return this_privileges;
395 const char *errormsg;
410 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
411 errmsg(
"grantor must be current user")));
421 switch (
stmt->targtype)
432 elog(
ERROR,
"unrecognized GrantStmt.targtype: %d",
433 (
int)
stmt->targtype);
448 foreach(cell,
stmt->grantees)
469 switch (
stmt->objtype)
479 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
483 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
487 errormsg =
gettext_noop(
"invalid privilege type %s for database");
491 errormsg =
gettext_noop(
"invalid privilege type %s for domain");
495 errormsg =
gettext_noop(
"invalid privilege type %s for function");
499 errormsg =
gettext_noop(
"invalid privilege type %s for language");
503 errormsg =
gettext_noop(
"invalid privilege type %s for large object");
507 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
511 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
515 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
519 errormsg =
gettext_noop(
"invalid privilege type %s for tablespace");
523 errormsg =
gettext_noop(
"invalid privilege type %s for type");
527 errormsg =
gettext_noop(
"invalid privilege type %s for foreign-data wrapper");
531 errormsg =
gettext_noop(
"invalid privilege type %s for foreign server");
535 errormsg =
gettext_noop(
"invalid privilege type %s for parameter");
538 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
539 (
int)
stmt->objtype);
560 foreach(cell,
stmt->privileges)
573 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
574 errmsg(
"column privileges are only valid for relations")));
580 elog(
ERROR,
"AccessPriv node must specify privilege or columns");
583 if (priv & ~((
AclMode) all_privileges))
585 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
643 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
679 foreach(cell, objnames)
689 foreach(cell, objnames)
700 foreach(cell, objnames)
710 foreach(cell, objnames)
720 foreach(cell, objnames)
730 foreach(cell, objnames)
736 (
errcode(ERRCODE_UNDEFINED_OBJECT),
737 errmsg(
"large object %u does not exist",
744 foreach(cell, objnames)
754 foreach(cell, objnames)
764 foreach(cell, objnames)
774 foreach(cell, objnames)
784 foreach(cell, objnames)
793 foreach(cell, objnames)
802 foreach(cell, objnames)
833 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
853 foreach(cell, nspnames)
891 Anum_pg_proc_pronamespace,
898 Anum_pg_proc_prokind,
903 Anum_pg_proc_prokind,
923 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
946 Anum_pg_class_relnamespace,
950 Anum_pg_class_relkind,
985 const char *errormsg;
988 foreach(cell,
stmt->options)
992 if (strcmp(defel->
defname,
"schemas") == 0)
998 else if (strcmp(defel->
defname,
"roles") == 0)
1009 nspnames = (
List *) dnspnames->
arg;
1011 rolespecs = (
List *) drolespecs->
arg;
1029 foreach(cell,
action->grantees)
1054 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
1058 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
1062 errormsg =
gettext_noop(
"invalid privilege type %s for function");
1066 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
1070 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
1074 errormsg =
gettext_noop(
"invalid privilege type %s for type");
1078 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
1081 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
1103 foreach(cell,
action->privileges)
1110 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1111 errmsg(
"default privileges cannot be set for columns")));
1114 elog(
ERROR,
"AccessPriv node must specify privilege");
1117 if (priv & ~((
AclMode) all_privileges))
1119 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1126 if (rolespecs ==
NIL)
1138 foreach(rolecell, rolespecs)
1146 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1147 errmsg(
"permission denied to change default privileges")));
1162 if (nspnames ==
NIL)
1174 foreach(nspcell, nspnames)
1238 objtype = DEFACLOBJ_RELATION;
1244 objtype = DEFACLOBJ_SEQUENCE;
1250 objtype = DEFACLOBJ_FUNCTION;
1256 objtype = DEFACLOBJ_TYPE;
1264 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1265 errmsg(
"cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1266 objtype = DEFACLOBJ_NAMESPACE;
1272 elog(
ERROR,
"unrecognized object type: %d",
1290 Anum_pg_default_acl_defaclacl,
1304 if (old_acl != NULL)
1311 noldmembers =
aclmembers(old_acl, &oldmembers);
1354 myself.
classId = DefaultAclRelationId;
1364 bool nulls[Natts_pg_default_acl] = {0};
1365 bool replaces[Natts_pg_default_acl] = {0};
1372 Anum_pg_default_acl_oid);
1388 replaces[Anum_pg_default_acl_defaclacl - 1] =
true;
1391 values, nulls, replaces);
1408 myself.
classId = DefaultAclRelationId;
1412 referenced.
classId = NamespaceRelationId;
1423 nnewmembers =
aclmembers(new_acl, &newmembers);
1428 noldmembers, oldmembers,
1429 nnewmembers, newmembers);
1467 if (classid == DefaultAclRelationId)
1480 Anum_pg_default_acl_oid,
1490 elog(
ERROR,
"could not find tuple for default ACL %u", objid);
1494 iacls.
roleid = pg_default_acl_tuple->defaclrole;
1495 iacls.
nspid = pg_default_acl_tuple->defaclnamespace;
1497 switch (pg_default_acl_tuple->defaclobjtype)
1499 case DEFACLOBJ_RELATION:
1502 case DEFACLOBJ_SEQUENCE:
1505 case DEFACLOBJ_FUNCTION:
1508 case DEFACLOBJ_TYPE:
1511 case DEFACLOBJ_NAMESPACE:
1516 elog(
ERROR,
"unexpected default ACL type: %d",
1517 (
int) pg_default_acl_tuple->defaclobjtype);
1540 case RelationRelationId:
1544 case DatabaseRelationId:
1547 case TypeRelationId:
1550 case ProcedureRelationId:
1553 case LanguageRelationId:
1556 case LargeObjectRelationId:
1559 case NamespaceRelationId:
1562 case TableSpaceRelationId:
1565 case ForeignServerRelationId:
1568 case ForeignDataWrapperRelationId:
1571 case ParameterAclRelationId:
1575 elog(
ERROR,
"unexpected object class %u", classid);
1603 int num_col_privileges)
1607 foreach(cell, colnames)
1615 (
errcode(ERRCODE_UNDEFINED_COLUMN),
1616 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
1619 if (attnum <= 0 || attnum >= num_col_privileges)
1620 elog(
ERROR,
"column number out of range");
1621 col_privileges[
attnum] |= this_privileges;
1636 int num_col_privileges)
1642 curr_att <= classForm->relnatts;
1652 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1659 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1660 curr_att, table_oid);
1695 bool nulls[Natts_pg_attribute] = {0};
1696 bool replaces[Natts_pg_attribute] = {0};
1706 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1714 aclDatum =
SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1727 noldmembers =
aclmembers(old_acl, &oldmembers);
1736 merged_acl =
aclconcat(old_rel_acl, old_acl);
1740 merged_acl, ownerId,
1741 &grantorId, &avail_goptions);
1759 NameStr(pg_attribute_tuple->attname));
1767 col_privileges, grantorId,
1774 nnewmembers =
aclmembers(new_acl, &newmembers);
1792 nulls[Anum_pg_attribute_attacl - 1] =
true;
1793 need_update = !isNull;
1795 replaces[Anum_pg_attribute_attacl - 1] =
true;
1800 values, nulls, replaces);
1806 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1811 noldmembers, oldmembers,
1812 nnewmembers, newmembers);
1841 int num_col_privileges;
1842 bool have_col_privileges;
1853 elog(
ERROR,
"cache lookup failed for relation %u", relOid);
1857 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1858 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1860 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1861 errmsg(
"\"%s\" is an index",
1862 NameStr(pg_class_tuple->relname))));
1865 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1867 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1868 errmsg(
"\"%s\" is a composite type",
1869 NameStr(pg_class_tuple->relname))));
1873 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1875 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1876 errmsg(
"\"%s\" is not a sequence",
1877 NameStr(pg_class_tuple->relname))));
1882 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1898 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1913 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1914 errmsg(
"sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1915 NameStr(pg_class_tuple->relname))));
1930 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1931 errmsg(
"invalid privilege type %s for table",
1944 have_col_privileges =
false;
1959 num_col_privileges);
1960 have_col_privileges =
true;
1967 ownerId = pg_class_tuple->relowner;
1972 switch (pg_class_tuple->relkind)
1974 case RELKIND_SEQUENCE:
1989 noldmembers =
aclmembers(old_acl, &oldmembers);
1993 old_rel_acl =
aclcopy(old_acl);
2005 bool nulls[Natts_pg_class] = {0};
2006 bool replaces[Natts_pg_class] = {0};
2014 &grantorId, &avail_goptions);
2016 switch (pg_class_tuple->relkind)
2018 case RELKIND_SEQUENCE:
2033 relOid, grantorId, objtype,
2034 NameStr(pg_class_tuple->relname),
2053 nnewmembers =
aclmembers(new_acl, &newmembers);
2056 replaces[Anum_pg_class_relacl - 1] =
true;
2060 values, nulls, replaces);
2070 noldmembers, oldmembers,
2071 nnewmembers, newmembers);
2081 foreach(cell_colprivs, istmt->
col_privs)
2092 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2093 errmsg(
"invalid privilege type %s for column",
2096 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2105 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2106 errmsg(
"sequence \"%s\" only supports SELECT column privileges",
2107 NameStr(pg_class_tuple->relname))));
2115 num_col_privileges);
2116 have_col_privileges =
true;
2119 if (have_col_privileges)
2123 for (
i = 0;
i < num_col_privileges;
i++)
2129 NameStr(pg_class_tuple->relname),
2139 pfree(col_privileges);
2196 object_check(istmt, tuple);
2220 noldmembers =
aclmembers(old_acl, &oldmembers);
2226 &grantorId, &avail_goptions);
2248 grantorId, ownerId);
2254 nnewmembers =
aclmembers(new_acl, &newmembers);
2272 noldmembers, oldmembers,
2273 nnewmembers, newmembers);
2293 if (!pg_language_tuple->lanpltrusted)
2295 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2296 errmsg(
"language \"%s\" is not trusted",
2297 NameStr(pg_language_tuple->lanname)),
2298 errdetail(
"GRANT and REVOKE are not allowed on untrusted languages, "
2299 "because only superusers can use untrusted languages.")));
2311 relation =
table_open(LargeObjectMetadataRelationId,
2328 Datum values[Natts_pg_largeobject_metadata] = {0};
2329 bool nulls[Natts_pg_largeobject_metadata] = {0};
2330 bool replaces[Natts_pg_largeobject_metadata] = {0};
2341 Anum_pg_largeobject_metadata_oid,
2346 LargeObjectMetadataOidIndexId,
true,
2351 elog(
ERROR,
"could not find tuple for large object %u", loid);
2359 ownerId = form_lo_meta->lomowner;
2361 Anum_pg_largeobject_metadata_lomacl,
2374 noldmembers =
aclmembers(old_acl, &oldmembers);
2380 &grantorId, &avail_goptions);
2386 snprintf(loname,
sizeof(loname),
"large object %u", loid);
2399 grantorId, ownerId);
2405 nnewmembers =
aclmembers(new_acl, &newmembers);
2408 replaces[Anum_pg_largeobject_metadata_lomacl - 1] =
true;
2409 values[Anum_pg_largeobject_metadata_lomacl - 1]
2413 values, nulls, replaces);
2422 form_lo_meta->oid, 0,
2424 noldmembers, oldmembers,
2425 nnewmembers, newmembers);
2446 if (IsTrueArrayType(pg_type_tuple))
2448 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2449 errmsg(
"cannot set privileges of array types"),
2450 errhint(
"Set the privileges of the element type instead.")));
2451 if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2453 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2454 errmsg(
"cannot set privileges of multirange types"),
2455 errhint(
"Set the privileges of the range type instead.")));
2459 pg_type_tuple->typtype != TYPTYPE_DOMAIN)
2461 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2462 errmsg(
"\"%s\" is not a domain",
2463 NameStr(pg_type_tuple->typname))));
2481 const char *parname;
2498 elog(
ERROR,
"cache lookup failed for parameter ACL %u",
2503 Anum_pg_parameter_acl_parname);
2507 ownerId = BOOTSTRAP_SUPERUSERID;
2514 Anum_pg_parameter_acl_paracl,
2528 noldmembers =
aclmembers(old_acl, &oldmembers);
2534 &grantorId, &avail_goptions);
2543 parameterId, grantorId,
2554 grantorId, ownerId);
2560 nnewmembers =
aclmembers(new_acl, &newmembers);
2576 bool nulls[Natts_pg_parameter_acl] = {0};
2577 bool replaces[Natts_pg_parameter_acl] = {0};
2579 replaces[Anum_pg_parameter_acl_paracl - 1] =
true;
2583 values, nulls, replaces);
2595 noldmembers, oldmembers,
2596 nnewmembers, newmembers);
2612 if (strcmp(privname,
"insert") == 0)
2614 if (strcmp(privname,
"select") == 0)
2616 if (strcmp(privname,
"update") == 0)
2618 if (strcmp(privname,
"delete") == 0)
2620 if (strcmp(privname,
"truncate") == 0)
2622 if (strcmp(privname,
"references") == 0)
2624 if (strcmp(privname,
"trigger") == 0)
2626 if (strcmp(privname,
"execute") == 0)
2628 if (strcmp(privname,
"usage") == 0)
2630 if (strcmp(privname,
"create") == 0)
2632 if (strcmp(privname,
"temporary") == 0)
2634 if (strcmp(privname,
"temp") == 0)
2636 if (strcmp(privname,
"connect") == 0)
2638 if (strcmp(privname,
"set") == 0)
2640 if (strcmp(privname,
"alter system") == 0)
2642 if (strcmp(privname,
"maintain") == 0)
2644 if (strcmp(privname,
"rule") == 0)
2647 (
errcode(ERRCODE_SYNTAX_ERROR),
2648 errmsg(
"unrecognized privilege type \"%s\"", privname)));
2668 return "REFERENCES";
2684 return "ALTER SYSTEM";
2688 elog(
ERROR,
"unrecognized privilege: %d", (
int) privilege);
2701 const char *objectname)
2710 const char *msg =
"???";
2715 msg =
gettext_noop(
"permission denied for aggregate %s");
2718 msg =
gettext_noop(
"permission denied for collation %s");
2724 msg =
gettext_noop(
"permission denied for conversion %s");
2727 msg =
gettext_noop(
"permission denied for database %s");
2733 msg =
gettext_noop(
"permission denied for event trigger %s");
2736 msg =
gettext_noop(
"permission denied for extension %s");
2739 msg =
gettext_noop(
"permission denied for foreign-data wrapper %s");
2742 msg =
gettext_noop(
"permission denied for foreign server %s");
2745 msg =
gettext_noop(
"permission denied for foreign table %s");
2748 msg =
gettext_noop(
"permission denied for function %s");
2754 msg =
gettext_noop(
"permission denied for language %s");
2757 msg =
gettext_noop(
"permission denied for large object %s");
2760 msg =
gettext_noop(
"permission denied for materialized view %s");
2763 msg =
gettext_noop(
"permission denied for operator class %s");
2766 msg =
gettext_noop(
"permission denied for operator %s");
2769 msg =
gettext_noop(
"permission denied for operator family %s");
2772 msg =
gettext_noop(
"permission denied for parameter %s");
2778 msg =
gettext_noop(
"permission denied for procedure %s");
2781 msg =
gettext_noop(
"permission denied for publication %s");
2784 msg =
gettext_noop(
"permission denied for routine %s");
2790 msg =
gettext_noop(
"permission denied for sequence %s");
2793 msg =
gettext_noop(
"permission denied for statistics object %s");
2796 msg =
gettext_noop(
"permission denied for subscription %s");
2802 msg =
gettext_noop(
"permission denied for tablespace %s");
2805 msg =
gettext_noop(
"permission denied for text search configuration %s");
2808 msg =
gettext_noop(
"permission denied for text search dictionary %s");
2835 elog(
ERROR,
"unsupported object type: %d", objtype);
2839 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2840 errmsg(msg, objectname)));
2845 const char *msg =
"???";
2865 msg =
gettext_noop(
"must be owner of event trigger %s");
2871 msg =
gettext_noop(
"must be owner of foreign-data wrapper %s");
2874 msg =
gettext_noop(
"must be owner of foreign server %s");
2877 msg =
gettext_noop(
"must be owner of foreign table %s");
2889 msg =
gettext_noop(
"must be owner of large object %s");
2892 msg =
gettext_noop(
"must be owner of materialized view %s");
2895 msg =
gettext_noop(
"must be owner of operator class %s");
2901 msg =
gettext_noop(
"must be owner of operator family %s");
2916 msg =
gettext_noop(
"must be owner of subscription %s");
2931 msg =
gettext_noop(
"must be owner of statistics object %s");
2937 msg =
gettext_noop(
"must be owner of text search configuration %s");
2940 msg =
gettext_noop(
"must be owner of text search dictionary %s");
2973 elog(
ERROR,
"unsupported object type: %d", objtype);
2977 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2978 errmsg(msg, objectname)));
2982 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2990 const char *objectname,
const char *colname)
2999 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3000 errmsg(
"permission denied for column \"%s\" of relation \"%s\"",
3001 colname, objectname)));
3008 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
3044 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3046 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3048 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3055 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3057 elog(
ERROR,
"grantable rights not supported for statistics objects");
3061 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3063 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3065 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3067 elog(
ERROR,
"grantable rights not supported for event triggers");
3071 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3073 elog(
ERROR,
"unrecognized object type: %d",
3122 case NamespaceRelationId:
3125 case TypeRelationId:
3131 Assert(classid != RelationRelationId);
3132 Assert(classid != LargeObjectMetadataRelationId);
3148 if (is_missing != NULL)
3156 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3157 errmsg(
"%s with OID %u does not exist",
3171 aclDatum = (
Datum) 0;
3179 result =
aclmask(acl, roleid, ownerId, mask, how);
3231 if (is_missing != NULL)
3239 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3240 errmsg(
"attribute %d of relation with OID %u does not exist",
3247 if (attributeForm->attisdropped)
3249 if (is_missing != NULL)
3258 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3259 errmsg(
"attribute %d of relation with OID %u does not exist",
3263 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3288 if (is_missing != NULL)
3297 errmsg(
"relation with OID %u does not exist",
3302 ownerId = classForm->relowner;
3309 result =
aclmask(acl, roleid, ownerId, mask, how);
3351 if (is_missing != NULL)
3360 errmsg(
"relation with OID %u does not exist",
3376 classForm->relkind != RELKIND_VIEW &&
3392 ownerId = classForm->relowner;
3399 switch (classForm->relkind)
3401 case RELKIND_SEQUENCE:
3408 aclDatum = (
Datum) 0;
3416 result =
aclmask(acl, roleid, ownerId, mask, how);
3494 Anum_pg_parameter_acl_paracl,
3500 aclDatum = (
Datum) 0;
3508 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3544 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3545 errmsg(
"parameter ACL with OID %u does not exist",
3549 Anum_pg_parameter_acl_paracl,
3555 aclDatum = (
Datum) 0;
3563 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3608 pg_lo_meta =
table_open(LargeObjectMetadataRelationId,
3612 Anum_pg_largeobject_metadata_oid,
3617 LargeObjectMetadataOidIndexId,
true,
3618 snapshot, 1, entry);
3623 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3624 errmsg(
"large object %u does not exist", lobj_oid)));
3628 aclDatum =
heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3635 aclDatum = (
Datum) 0;
3643 result =
aclmask(acl, roleid, ownerId, mask, how);
3709 if (is_missing != NULL)
3717 (
errcode(ERRCODE_UNDEFINED_SCHEMA),
3718 errmsg(
"schema with OID %u does not exist", nsp_oid)));
3723 aclDatum =
SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3729 aclDatum = (
Datum) 0;
3737 result =
aclmask(acl, roleid, ownerId, mask, how);
3783 if (is_missing != NULL)
3791 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3792 errmsg(
"type with OID %u does not exist",
3801 if (IsTrueArrayType(typeForm))
3803 Oid elttype_oid = typeForm->typelem;
3810 if (is_missing != NULL)
3818 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3819 errmsg(
"type with OID %u does not exist",
3830 if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3839 if (is_missing != NULL)
3847 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3848 errmsg(
"type with OID %u does not exist",
3857 ownerId = typeForm->typowner;
3860 Anum_pg_type_typacl, &isNull);
3865 aclDatum = (
Datum) 0;
3873 result =
aclmask(acl, roleid, ownerId, mask, how);
3990 if (is_missing != NULL)
3999 errmsg(
"relation with OID %u does not exist",
4004 ownerId = classForm->relowner;
4005 nattrs = classForm->relnatts;
4015 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4042 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
4152 if (classid == LargeObjectRelationId)
4153 classid = LargeObjectMetadataRelationId;
4164 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4195 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4225 bool result =
false;
4244 bool result =
false;
4282 Anum_pg_default_acl_defaclacl,
4320 defaclobjtype = DEFACLOBJ_RELATION;
4324 defaclobjtype = DEFACLOBJ_SEQUENCE;
4328 defaclobjtype = DEFACLOBJ_FUNCTION;
4332 defaclobjtype = DEFACLOBJ_TYPE;
4336 defaclobjtype = DEFACLOBJ_NAMESPACE;
4348 if (glob_acl == NULL && schema_acl == NULL)
4355 if (glob_acl == NULL)
4359 result =
aclmerge(glob_acl, schema_acl, ownerId);
4413 if (classoid == RelationRelationId)
4422 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4430 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4431 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4432 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4442 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4445 AttrNumber nattrs = pg_class_tuple->relnatts;
4447 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4467 Anum_pg_attribute_attacl,
4494 else if (classoid == LargeObjectRelationId)
4513 Anum_pg_largeobject_metadata_oid,
4518 LargeObjectMetadataOidIndexId,
true,
4523 elog(
ERROR,
"could not find tuple for large object %u", objoid);
4526 Anum_pg_largeobject_metadata_lomacl,
4547 elog(
ERROR,
"cache lookup failed for %s %u",
4575 if (classoid == RelationRelationId)
4582 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4590 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4591 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4592 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4602 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4605 AttrNumber nattrs = pg_class_tuple->relnatts;
4607 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4694 nnewmembers =
aclmembers(new_acl, &newmembers);
4700 Anum_pg_init_privs_objoid,
4704 Anum_pg_init_privs_classoid,
4708 Anum_pg_init_privs_objsubid,
4722 bool nulls[Natts_pg_init_privs] = {0};
4723 bool replace[Natts_pg_init_privs] = {0};
4729 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4733 noldmembers =
aclmembers(old_acl, &oldmembers);
4736 noldmembers, oldmembers,
4737 nnewmembers, newmembers);
4740 if (new_acl &&
ACL_NUM(new_acl) != 0)
4743 replace[Anum_pg_init_privs_initprivs - 1] =
true;
4759 bool nulls[Natts_pg_init_privs] = {0};
4767 if (new_acl &&
ACL_NUM(new_acl) != 0)
4775 values[Anum_pg_init_privs_privtype - 1] =
4789 noldmembers, oldmembers,
4790 nnewmembers, newmembers);
4829 Anum_pg_init_privs_objoid,
4833 Anum_pg_init_privs_classoid,
4837 Anum_pg_init_privs_objsubid,
4859 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4868 new_acl =
aclnewowner(old_acl, oldroleid, newroleid);
4874 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
4881 bool nulls[Natts_pg_init_privs] = {0};
4882 bool replaces[Natts_pg_init_privs] = {0};
4886 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
4889 values, nulls, replaces);
4896 noldmembers =
aclmembers(old_acl, &oldmembers);
4897 nnewmembers =
aclmembers(new_acl, &newmembers);
4900 noldmembers, oldmembers,
4901 nnewmembers, newmembers);
4940 Anum_pg_init_privs_objoid,
4944 Anum_pg_init_privs_classoid,
4948 Anum_pg_init_privs_objsubid,
4970 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4980 noldmembers =
aclmembers(old_acl, &oldmembers);
4986 elog(
ERROR,
"cache lookup failed for %s %u",
4997 if (old_acl != NULL)
5010 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
5017 bool nulls[Natts_pg_init_privs] = {0};
5018 bool replaces[Natts_pg_init_privs] = {0};
5022 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
5025 values, nulls, replaces);
5032 nnewmembers =
aclmembers(new_acl, &newmembers);
5035 noldmembers, oldmembers,
5036 nnewmembers, newmembers);
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Acl * acldefault(ObjectType objtype, Oid ownerId)
Acl * make_empty_acl(void)
Acl * aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
#define ACLITEM_ALL_PRIV_BITS
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
void RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
void ReplaceRoleInInitPriv(Oid oldroleid, Oid newroleid, Oid classid, Oid objid, int32 objsubid)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
void recordExtObjInitPriv(Oid objoid, Oid classoid)
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Parameter(InternalGrant *istmt)
static const char * privilege_to_string(AclMode privilege)
void aclcheck_error_type(AclResult aclerr, Oid typeOid)
bool has_createrole_privilege(Oid roleid)
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
static void ExecGrant_Relation(InternalGrant *istmt)
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
bool binary_upgrade_record_init_privs
void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode object_aclmask_ext(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
void removeExtObjInitPriv(Oid objoid, Oid classoid)
#define InvalidAttrNumber
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
static Datum values[MAXATTR]
#define TextDatumGetCString(d)
#define Assert(condition)
#define OidIsValid(objectId)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
Oid get_database_oid(const char *dbname, bool missing_ok)
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)
#define palloc0_array(type, count)
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
char * convert_GUC_name_for_parameter_acl(const char *name)
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
if(TABLE==NULL||TABLE_index==NULL)
List * lappend(List *list, void *datum)
List * lappend_oid(List *list, Oid datum)
List * list_concat(List *list1, const List *list2)
AttrNumber get_attnum(Oid relid, const char *attname)
Oid get_element_type(Oid typid)
Oid get_multirange_range(Oid multirangeOid)
char * get_rel_name(Oid relid)
TypeName * makeTypeNameFromNameList(List *names)
void pfree(void *pointer)
void * palloc0(Size size)
#define IsBootstrapProcessingMode()
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
bool isTempNamespace(Oid namespaceId)
Oid get_namespace_oid(const char *nspname, bool missing_ok)
#define RangeVarGetRelid(relation, lockmode, missing_ok)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_oid(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
const char * get_object_class_descr(Oid class_id)
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
@ OBJECT_PUBLICATION_NAMESPACE
@ ACL_TARGET_ALL_IN_SCHEMA
FormData_pg_attribute * Form_pg_attribute
FormData_pg_authid * Form_pg_authid
static PgChecksumMode mode
FormData_pg_class * Form_pg_class
FormData_pg_default_acl * Form_pg_default_acl
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
FormData_pg_language * Form_pg_language
bool LargeObjectExists(Oid loid)
#define list_make1_oid(x1)
FormData_pg_namespace * Form_pg_namespace
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
FormData_pg_proc * Form_pg_proc
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void updateInitAclDependencies(Oid classId, Oid objectId, int32 objsubId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
FormData_pg_type * Form_pg_type
#define ERRCODE_UNDEFINED_TABLE
static Datum PointerGetDatum(const void *X)
static Name DatumGetName(Datum X)
static Oid DatumGetObjectId(Datum X)
static Datum Int16GetDatum(int16 X)
static Datum ObjectIdGetDatum(Oid X)
static Pointer DatumGetPointer(Datum X)
static Datum Int32GetDatum(int32 X)
static Datum CharGetDatum(char X)
Oid get_language_oid(const char *langname, bool missing_ok)
#define RelationGetDescr(relation)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
#define BTEqualStrategyNumber
bool superuser_arg(Oid roleid)
#define FirstLowInvalidHeapAttributeNumber
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
static void table_endscan(TableScanDesc scan)
text * cstring_to_text(const char *s)
void CommandCounterIncrement(void)