82 #include "utils/fmgroids.h"
131 int num_col_privileges);
135 int num_col_privileges);
139 bool all_privs,
AclMode privileges,
140 Oid objectId,
Oid grantorId,
185 Oid grantorId,
Oid ownerId)
210 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
211 errmsg(
"grant options can only be granted to roles")));
226 newer_acl =
aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
285 elog(
ERROR,
"grantable rights not supported for event triggers");
295 elog(
ERROR,
"unrecognized object type: %d", objtype);
307 if (
pg_aclmask(objtype, objectId, att_number, grantorId,
328 if (this_privileges == 0)
332 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
333 errmsg(
"no privileges were granted for column \"%s\" of relation \"%s\"",
337 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
338 errmsg(
"no privileges were granted for \"%s\"",
341 else if (!all_privs && this_privileges != privileges)
345 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
346 errmsg(
"not all privileges were granted for column \"%s\" of relation \"%s\"",
350 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
351 errmsg(
"not all privileges were granted for \"%s\"",
357 if (this_privileges == 0)
361 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
362 errmsg(
"no privileges could be revoked for column \"%s\" of relation \"%s\"",
366 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
367 errmsg(
"no privileges could be revoked for \"%s\"",
370 else if (!all_privs && this_privileges != privileges)
374 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
375 errmsg(
"not all privileges could be revoked for column \"%s\" of relation \"%s\"",
379 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
380 errmsg(
"not all privileges could be revoked for \"%s\"",
385 return this_privileges;
396 const char *errormsg;
411 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
412 errmsg(
"grantor must be current user")));
422 switch (
stmt->targtype)
433 elog(
ERROR,
"unrecognized GrantStmt.targtype: %d",
434 (
int)
stmt->targtype);
449 foreach(cell,
stmt->grantees)
470 switch (
stmt->objtype)
480 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
484 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
488 errormsg =
gettext_noop(
"invalid privilege type %s for database");
492 errormsg =
gettext_noop(
"invalid privilege type %s for domain");
496 errormsg =
gettext_noop(
"invalid privilege type %s for function");
500 errormsg =
gettext_noop(
"invalid privilege type %s for language");
504 errormsg =
gettext_noop(
"invalid privilege type %s for large object");
508 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
512 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
516 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
520 errormsg =
gettext_noop(
"invalid privilege type %s for tablespace");
524 errormsg =
gettext_noop(
"invalid privilege type %s for type");
528 errormsg =
gettext_noop(
"invalid privilege type %s for foreign-data wrapper");
532 errormsg =
gettext_noop(
"invalid privilege type %s for foreign server");
536 errormsg =
gettext_noop(
"invalid privilege type %s for parameter");
539 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
540 (
int)
stmt->objtype);
561 foreach(cell,
stmt->privileges)
574 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
575 errmsg(
"column privileges are only valid for relations")));
581 elog(
ERROR,
"AccessPriv node must specify privilege or columns");
584 if (priv & ~((
AclMode) all_privileges))
586 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
644 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
680 foreach(cell, objnames)
690 foreach(cell, objnames)
701 foreach(cell, objnames)
711 foreach(cell, objnames)
721 foreach(cell, objnames)
731 foreach(cell, objnames)
737 (
errcode(ERRCODE_UNDEFINED_OBJECT),
738 errmsg(
"large object %u does not exist",
745 foreach(cell, objnames)
755 foreach(cell, objnames)
765 foreach(cell, objnames)
775 foreach(cell, objnames)
785 foreach(cell, objnames)
794 foreach(cell, objnames)
803 foreach(cell, objnames)
834 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
854 foreach(cell, nspnames)
892 Anum_pg_proc_pronamespace,
899 Anum_pg_proc_prokind,
904 Anum_pg_proc_prokind,
924 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
947 Anum_pg_class_relnamespace,
951 Anum_pg_class_relkind,
986 const char *errormsg;
989 foreach(cell,
stmt->options)
993 if (strcmp(defel->
defname,
"schemas") == 0)
999 else if (strcmp(defel->
defname,
"roles") == 0)
1010 nspnames = (
List *) dnspnames->
arg;
1012 rolespecs = (
List *) drolespecs->
arg;
1030 foreach(cell,
action->grantees)
1055 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
1059 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
1063 errormsg =
gettext_noop(
"invalid privilege type %s for function");
1067 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
1071 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
1075 errormsg =
gettext_noop(
"invalid privilege type %s for type");
1079 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
1082 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
1104 foreach(cell,
action->privileges)
1111 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1112 errmsg(
"default privileges cannot be set for columns")));
1115 elog(
ERROR,
"AccessPriv node must specify privilege");
1118 if (priv & ~((
AclMode) all_privileges))
1120 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1127 if (rolespecs ==
NIL)
1139 foreach(rolecell, rolespecs)
1147 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1148 errmsg(
"permission denied to change default privileges")));
1163 if (nspnames ==
NIL)
1175 foreach(nspcell, nspnames)
1239 objtype = DEFACLOBJ_RELATION;
1245 objtype = DEFACLOBJ_SEQUENCE;
1251 objtype = DEFACLOBJ_FUNCTION;
1257 objtype = DEFACLOBJ_TYPE;
1265 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1266 errmsg(
"cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1267 objtype = DEFACLOBJ_NAMESPACE;
1273 elog(
ERROR,
"unrecognized object type: %d",
1291 Anum_pg_default_acl_defaclacl,
1305 if (old_acl != NULL)
1312 noldmembers =
aclmembers(old_acl, &oldmembers);
1355 myself.
classId = DefaultAclRelationId;
1365 bool nulls[Natts_pg_default_acl] = {0};
1366 bool replaces[Natts_pg_default_acl] = {0};
1373 Anum_pg_default_acl_oid);
1389 replaces[Anum_pg_default_acl_defaclacl - 1] =
true;
1392 values, nulls, replaces);
1409 myself.
classId = DefaultAclRelationId;
1413 referenced.
classId = NamespaceRelationId;
1424 nnewmembers =
aclmembers(new_acl, &newmembers);
1429 noldmembers, oldmembers,
1430 nnewmembers, newmembers);
1468 if (classid == DefaultAclRelationId)
1481 Anum_pg_default_acl_oid,
1491 elog(
ERROR,
"could not find tuple for default ACL %u", objid);
1495 iacls.
roleid = pg_default_acl_tuple->defaclrole;
1496 iacls.
nspid = pg_default_acl_tuple->defaclnamespace;
1498 switch (pg_default_acl_tuple->defaclobjtype)
1500 case DEFACLOBJ_RELATION:
1503 case DEFACLOBJ_SEQUENCE:
1506 case DEFACLOBJ_FUNCTION:
1509 case DEFACLOBJ_TYPE:
1512 case DEFACLOBJ_NAMESPACE:
1517 elog(
ERROR,
"unexpected default ACL type: %d",
1518 (
int) pg_default_acl_tuple->defaclobjtype);
1541 case RelationRelationId:
1545 case DatabaseRelationId:
1548 case TypeRelationId:
1551 case ProcedureRelationId:
1554 case LanguageRelationId:
1557 case LargeObjectRelationId:
1560 case NamespaceRelationId:
1563 case TableSpaceRelationId:
1566 case ForeignServerRelationId:
1569 case ForeignDataWrapperRelationId:
1572 case ParameterAclRelationId:
1576 elog(
ERROR,
"unexpected object class %u", classid);
1604 int num_col_privileges)
1608 foreach(cell, colnames)
1616 (
errcode(ERRCODE_UNDEFINED_COLUMN),
1617 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
/*
 * Range check on the column number before it is used as an array index:
 * an attnum that is <= 0 or >= num_col_privileges is reported with
 * elog(ERROR, ...) instead of being used to index col_privileges[].
 * NOTE(review): presumably num_col_privileges is the allocated length of
 * col_privileges[] -- confirm against the caller that allocates it.
 */
1620 if (attnum <= 0 || attnum >= num_col_privileges)
1621 elog(
ERROR,
"column number out of range");
/*
 * OR the requested privilege bits into this column's slot, so bits
 * already recorded for the same column are kept.
 * NOTE(review): this write is only safe if elog(ERROR) above does not
 * return to this point -- confirm.
 */
1622 col_privileges[
attnum] |= this_privileges;
1637 int num_col_privileges)
1643 curr_att <= classForm->relnatts;
1653 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1660 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1661 curr_att, table_oid);
1696 bool nulls[Natts_pg_attribute] = {0};
1697 bool replaces[Natts_pg_attribute] = {0};
1707 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1715 aclDatum =
SysCacheGetAttr(ATTNUM, attr_tuple, Anum_pg_attribute_attacl,
1728 noldmembers =
aclmembers(old_acl, &oldmembers);
1737 merged_acl =
aclconcat(old_rel_acl, old_acl);
1741 merged_acl, ownerId,
1742 &grantorId, &avail_goptions);
1760 NameStr(pg_attribute_tuple->attname));
1768 col_privileges, grantorId,
1775 nnewmembers =
aclmembers(new_acl, &newmembers);
1793 nulls[Anum_pg_attribute_attacl - 1] =
true;
1794 need_update = !isNull;
1796 replaces[Anum_pg_attribute_attacl - 1] =
true;
1801 values, nulls, replaces);
1807 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1812 noldmembers, oldmembers,
1813 nnewmembers, newmembers);
1842 int num_col_privileges;
1843 bool have_col_privileges;
1854 elog(
ERROR,
"cache lookup failed for relation %u", relOid);
1858 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1859 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1861 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1862 errmsg(
"\"%s\" is an index",
1863 NameStr(pg_class_tuple->relname))));
1866 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1868 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1869 errmsg(
"\"%s\" is a composite type",
1870 NameStr(pg_class_tuple->relname))));
1874 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1876 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1877 errmsg(
"\"%s\" is not a sequence",
1878 NameStr(pg_class_tuple->relname))));
1883 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1899 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1914 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1915 errmsg(
"sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1916 NameStr(pg_class_tuple->relname))));
1931 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1932 errmsg(
"invalid privilege type %s for table",
1945 have_col_privileges =
false;
1960 num_col_privileges);
1961 have_col_privileges =
true;
1968 ownerId = pg_class_tuple->relowner;
1973 switch (pg_class_tuple->relkind)
1975 case RELKIND_SEQUENCE:
1990 noldmembers =
aclmembers(old_acl, &oldmembers);
1994 old_rel_acl =
aclcopy(old_acl);
2006 bool nulls[Natts_pg_class] = {0};
2007 bool replaces[Natts_pg_class] = {0};
2015 &grantorId, &avail_goptions);
2017 switch (pg_class_tuple->relkind)
2019 case RELKIND_SEQUENCE:
2034 relOid, grantorId, objtype,
2035 NameStr(pg_class_tuple->relname),
2054 nnewmembers =
aclmembers(new_acl, &newmembers);
2057 replaces[Anum_pg_class_relacl - 1] =
true;
2061 values, nulls, replaces);
2072 noldmembers, oldmembers,
2073 nnewmembers, newmembers);
2085 foreach(cell_colprivs, istmt->
col_privs)
2096 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2097 errmsg(
"invalid privilege type %s for column",
2100 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2109 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2110 errmsg(
"sequence \"%s\" only supports SELECT column privileges",
2111 NameStr(pg_class_tuple->relname))));
2119 num_col_privileges);
2120 have_col_privileges =
true;
2123 if (have_col_privileges)
2127 for (
i = 0;
i < num_col_privileges;
i++)
2133 NameStr(pg_class_tuple->relname),
2143 pfree(col_privileges);
2200 object_check(istmt, tuple);
2224 noldmembers =
aclmembers(old_acl, &oldmembers);
2230 &grantorId, &avail_goptions);
2252 grantorId, ownerId);
2258 nnewmembers =
aclmembers(new_acl, &newmembers);
2277 noldmembers, oldmembers,
2278 nnewmembers, newmembers);
2298 if (!pg_language_tuple->lanpltrusted)
2300 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2301 errmsg(
"language \"%s\" is not trusted",
2302 NameStr(pg_language_tuple->lanname)),
2303 errdetail(
"GRANT and REVOKE are not allowed on untrusted languages, "
2304 "because only superusers can use untrusted languages.")));
2316 relation =
table_open(LargeObjectMetadataRelationId,
2333 Datum values[Natts_pg_largeobject_metadata] = {0};
2334 bool nulls[Natts_pg_largeobject_metadata] = {0};
2335 bool replaces[Natts_pg_largeobject_metadata] = {0};
2346 Anum_pg_largeobject_metadata_oid,
2351 LargeObjectMetadataOidIndexId,
true,
2356 elog(
ERROR,
"could not find tuple for large object %u", loid);
2364 ownerId = form_lo_meta->lomowner;
2366 Anum_pg_largeobject_metadata_lomacl,
2379 noldmembers =
aclmembers(old_acl, &oldmembers);
2385 &grantorId, &avail_goptions);
2391 snprintf(loname,
sizeof(loname),
"large object %u", loid);
2404 grantorId, ownerId);
2410 nnewmembers =
aclmembers(new_acl, &newmembers);
2413 replaces[Anum_pg_largeobject_metadata_lomacl - 1] =
true;
2414 values[Anum_pg_largeobject_metadata_lomacl - 1]
2418 values, nulls, replaces);
2427 form_lo_meta->oid, 0,
2429 noldmembers, oldmembers,
2430 nnewmembers, newmembers);
2451 if (IsTrueArrayType(pg_type_tuple))
2453 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2454 errmsg(
"cannot set privileges of array types"),
2455 errhint(
"Set the privileges of the element type instead.")));
2456 if (pg_type_tuple->typtype == TYPTYPE_MULTIRANGE)
2458 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2459 errmsg(
"cannot set privileges of multirange types"),
2460 errhint(
"Set the privileges of the range type instead.")));
2464 pg_type_tuple->typtype != TYPTYPE_DOMAIN)
2466 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2467 errmsg(
"\"%s\" is not a domain",
2468 NameStr(pg_type_tuple->typname))));
2486 const char *parname;
2503 elog(
ERROR,
"cache lookup failed for parameter ACL %u",
2508 Anum_pg_parameter_acl_parname);
2512 ownerId = BOOTSTRAP_SUPERUSERID;
2519 Anum_pg_parameter_acl_paracl,
2533 noldmembers =
aclmembers(old_acl, &oldmembers);
2539 &grantorId, &avail_goptions);
2548 parameterId, grantorId,
2559 grantorId, ownerId);
2565 nnewmembers =
aclmembers(new_acl, &newmembers);
2581 bool nulls[Natts_pg_parameter_acl] = {0};
2582 bool replaces[Natts_pg_parameter_acl] = {0};
2584 replaces[Anum_pg_parameter_acl_paracl - 1] =
true;
2588 values, nulls, replaces);
2600 noldmembers, oldmembers,
2601 nnewmembers, newmembers);
2617 if (strcmp(privname,
"insert") == 0)
2619 if (strcmp(privname,
"select") == 0)
2621 if (strcmp(privname,
"update") == 0)
2623 if (strcmp(privname,
"delete") == 0)
2625 if (strcmp(privname,
"truncate") == 0)
2627 if (strcmp(privname,
"references") == 0)
2629 if (strcmp(privname,
"trigger") == 0)
2631 if (strcmp(privname,
"execute") == 0)
2633 if (strcmp(privname,
"usage") == 0)
2635 if (strcmp(privname,
"create") == 0)
2637 if (strcmp(privname,
"temporary") == 0)
2639 if (strcmp(privname,
"temp") == 0)
2641 if (strcmp(privname,
"connect") == 0)
2643 if (strcmp(privname,
"set") == 0)
2645 if (strcmp(privname,
"alter system") == 0)
2647 if (strcmp(privname,
"maintain") == 0)
2650 (
errcode(ERRCODE_SYNTAX_ERROR),
2651 errmsg(
"unrecognized privilege type \"%s\"", privname)));
2671 return "REFERENCES";
2687 return "ALTER SYSTEM";
2691 elog(
ERROR,
"unrecognized privilege: %d", (
int) privilege);
2704 const char *objectname)
2713 const char *msg =
"???";
2718 msg =
gettext_noop(
"permission denied for aggregate %s");
2721 msg =
gettext_noop(
"permission denied for collation %s");
2727 msg =
gettext_noop(
"permission denied for conversion %s");
2730 msg =
gettext_noop(
"permission denied for database %s");
2736 msg =
gettext_noop(
"permission denied for event trigger %s");
2739 msg =
gettext_noop(
"permission denied for extension %s");
2742 msg =
gettext_noop(
"permission denied for foreign-data wrapper %s");
2745 msg =
gettext_noop(
"permission denied for foreign server %s");
2748 msg =
gettext_noop(
"permission denied for foreign table %s");
2751 msg =
gettext_noop(
"permission denied for function %s");
2757 msg =
gettext_noop(
"permission denied for language %s");
2760 msg =
gettext_noop(
"permission denied for large object %s");
2763 msg =
gettext_noop(
"permission denied for materialized view %s");
2766 msg =
gettext_noop(
"permission denied for operator class %s");
2769 msg =
gettext_noop(
"permission denied for operator %s");
2772 msg =
gettext_noop(
"permission denied for operator family %s");
2775 msg =
gettext_noop(
"permission denied for parameter %s");
2781 msg =
gettext_noop(
"permission denied for procedure %s");
2784 msg =
gettext_noop(
"permission denied for publication %s");
2787 msg =
gettext_noop(
"permission denied for routine %s");
2793 msg =
gettext_noop(
"permission denied for sequence %s");
2796 msg =
gettext_noop(
"permission denied for statistics object %s");
2799 msg =
gettext_noop(
"permission denied for subscription %s");
2805 msg =
gettext_noop(
"permission denied for tablespace %s");
2808 msg =
gettext_noop(
"permission denied for text search configuration %s");
2811 msg =
gettext_noop(
"permission denied for text search dictionary %s");
2838 elog(
ERROR,
"unsupported object type: %d", objtype);
2842 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2843 errmsg(msg, objectname)));
2848 const char *msg =
"???";
2868 msg =
gettext_noop(
"must be owner of event trigger %s");
2874 msg =
gettext_noop(
"must be owner of foreign-data wrapper %s");
2877 msg =
gettext_noop(
"must be owner of foreign server %s");
2880 msg =
gettext_noop(
"must be owner of foreign table %s");
2892 msg =
gettext_noop(
"must be owner of large object %s");
2895 msg =
gettext_noop(
"must be owner of materialized view %s");
2898 msg =
gettext_noop(
"must be owner of operator class %s");
2904 msg =
gettext_noop(
"must be owner of operator family %s");
2919 msg =
gettext_noop(
"must be owner of subscription %s");
2934 msg =
gettext_noop(
"must be owner of statistics object %s");
2940 msg =
gettext_noop(
"must be owner of text search configuration %s");
2943 msg =
gettext_noop(
"must be owner of text search dictionary %s");
2976 elog(
ERROR,
"unsupported object type: %d", objtype);
2980 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2981 errmsg(msg, objectname)));
2985 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2993 const char *objectname,
const char *colname)
3002 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
3003 errmsg(
"permission denied for column \"%s\" of relation \"%s\"",
3004 colname, objectname)));
3011 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
3047 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3049 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3051 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3058 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3060 elog(
ERROR,
"grantable rights not supported for statistics objects");
3064 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3066 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3068 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3070 elog(
ERROR,
"grantable rights not supported for event triggers");
3074 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3076 elog(
ERROR,
"unrecognized object type: %d",
3125 case NamespaceRelationId:
3128 case TypeRelationId:
/*
 * This code path is not meant to be reached with classid naming
 * pg_class (RelationRelationId) or LargeObjectMetadataRelationId.
 * NOTE(review): these are assertions, not runtime checks; if Assert()
 * expands to nothing in non-debug builds, a caller passing one of these
 * classids is not rejected here -- confirm that callers route those two
 * classes elsewhere.
 */
3134 Assert(classid != RelationRelationId);
3135 Assert(classid != LargeObjectMetadataRelationId);
3151 if (is_missing != NULL)
3159 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3160 errmsg(
"%s with OID %u does not exist",
3174 aclDatum = (
Datum) 0;
3182 result =
aclmask(acl, roleid, ownerId, mask, how);
3234 if (is_missing != NULL)
3242 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3243 errmsg(
"attribute %d of relation with OID %u does not exist",
3250 if (attributeForm->attisdropped)
3252 if (is_missing != NULL)
3261 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3262 errmsg(
"attribute %d of relation with OID %u does not exist",
3266 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
3291 if (is_missing != NULL)
3300 errmsg(
"relation with OID %u does not exist",
3305 ownerId = classForm->relowner;
3312 result =
aclmask(acl, roleid, ownerId, mask, how);
3354 if (is_missing != NULL)
3363 errmsg(
"relation with OID %u does not exist",
3379 classForm->relkind != RELKIND_VIEW &&
3395 ownerId = classForm->relowner;
3402 switch (classForm->relkind)
3404 case RELKIND_SEQUENCE:
3411 aclDatum = (
Datum) 0;
3419 result =
aclmask(acl, roleid, ownerId, mask, how);
3497 Anum_pg_parameter_acl_paracl,
3503 aclDatum = (
Datum) 0;
3511 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3547 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3548 errmsg(
"parameter ACL with OID %u does not exist",
3552 Anum_pg_parameter_acl_paracl,
3558 aclDatum = (
Datum) 0;
3566 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3611 pg_lo_meta =
table_open(LargeObjectMetadataRelationId,
3615 Anum_pg_largeobject_metadata_oid,
3620 LargeObjectMetadataOidIndexId,
true,
3621 snapshot, 1, entry);
3626 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3627 errmsg(
"large object %u does not exist", lobj_oid)));
3631 aclDatum =
heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3638 aclDatum = (
Datum) 0;
3646 result =
aclmask(acl, roleid, ownerId, mask, how);
3712 if (is_missing != NULL)
3720 (
errcode(ERRCODE_UNDEFINED_SCHEMA),
3721 errmsg(
"schema with OID %u does not exist", nsp_oid)));
3726 aclDatum =
SysCacheGetAttr(NAMESPACEOID, tuple, Anum_pg_namespace_nspacl,
3732 aclDatum = (
Datum) 0;
3740 result =
aclmask(acl, roleid, ownerId, mask, how);
3786 if (is_missing != NULL)
3794 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3795 errmsg(
"type with OID %u does not exist",
3804 if (IsTrueArrayType(typeForm))
3806 Oid elttype_oid = typeForm->typelem;
3813 if (is_missing != NULL)
3821 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3822 errmsg(
"type with OID %u does not exist",
3833 if (typeForm->typtype == TYPTYPE_MULTIRANGE)
3842 if (is_missing != NULL)
3850 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3851 errmsg(
"type with OID %u does not exist",
3860 ownerId = typeForm->typowner;
3863 Anum_pg_type_typacl, &isNull);
3868 aclDatum = (
Datum) 0;
3876 result =
aclmask(acl, roleid, ownerId, mask, how);
3993 if (is_missing != NULL)
4002 errmsg(
"relation with OID %u does not exist",
4007 ownerId = classForm->relowner;
4008 nattrs = classForm->relnatts;
4018 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4045 aclDatum =
SysCacheGetAttr(ATTNUM, attTuple, Anum_pg_attribute_attacl,
/*
 * A caller-supplied classid of LargeObjectRelationId is rewritten to
 * LargeObjectMetadataRelationId before classid is used further.
 * NOTE(review): presumably because the per-object owner and ACL for large
 * objects are stored in the metadata catalog (other fragments on this page
 * read lomowner and lomacl from it) -- confirm against the code that follows.
 */
4155 if (classid == LargeObjectRelationId)
4156 classid = LargeObjectMetadataRelationId;
4167 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4198 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4228 bool result =
false;
4247 bool result =
false;
4285 Anum_pg_default_acl_defaclacl,
4323 defaclobjtype = DEFACLOBJ_RELATION;
4327 defaclobjtype = DEFACLOBJ_SEQUENCE;
4331 defaclobjtype = DEFACLOBJ_FUNCTION;
4335 defaclobjtype = DEFACLOBJ_TYPE;
4339 defaclobjtype = DEFACLOBJ_NAMESPACE;
4351 if (glob_acl == NULL && schema_acl == NULL)
4358 if (glob_acl == NULL)
4362 result =
aclmerge(glob_acl, schema_acl, ownerId);
4416 if (classoid == RelationRelationId)
4425 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4433 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4434 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4435 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4445 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4448 AttrNumber nattrs = pg_class_tuple->relnatts;
4450 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4470 Anum_pg_attribute_attacl,
4497 else if (classoid == LargeObjectRelationId)
4516 Anum_pg_largeobject_metadata_oid,
4521 LargeObjectMetadataOidIndexId,
true,
4526 elog(
ERROR,
"could not find tuple for large object %u", objoid);
4529 Anum_pg_largeobject_metadata_lomacl,
4550 elog(
ERROR,
"cache lookup failed for %s %u",
4578 if (classoid == RelationRelationId)
4585 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4593 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4594 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4595 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4605 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4608 AttrNumber nattrs = pg_class_tuple->relnatts;
4610 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4697 nnewmembers =
aclmembers(new_acl, &newmembers);
4703 Anum_pg_init_privs_objoid,
4707 Anum_pg_init_privs_classoid,
4711 Anum_pg_init_privs_objsubid,
4725 bool nulls[Natts_pg_init_privs] = {0};
4726 bool replace[Natts_pg_init_privs] = {0};
4732 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4736 noldmembers =
aclmembers(old_acl, &oldmembers);
4739 noldmembers, oldmembers,
4740 nnewmembers, newmembers);
4743 if (new_acl &&
ACL_NUM(new_acl) != 0)
4746 replace[Anum_pg_init_privs_initprivs - 1] =
true;
4762 bool nulls[Natts_pg_init_privs] = {0};
4770 if (new_acl &&
ACL_NUM(new_acl) != 0)
4778 values[Anum_pg_init_privs_privtype - 1] =
4792 noldmembers, oldmembers,
4793 nnewmembers, newmembers);
4832 Anum_pg_init_privs_objoid,
4836 Anum_pg_init_privs_classoid,
4840 Anum_pg_init_privs_objsubid,
4862 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4871 new_acl =
aclnewowner(old_acl, oldroleid, newroleid);
4877 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
4884 bool nulls[Natts_pg_init_privs] = {0};
4885 bool replaces[Natts_pg_init_privs] = {0};
4889 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
4892 values, nulls, replaces);
4899 noldmembers =
aclmembers(old_acl, &oldmembers);
4900 nnewmembers =
aclmembers(new_acl, &newmembers);
4903 noldmembers, oldmembers,
4904 nnewmembers, newmembers);
4943 Anum_pg_init_privs_objoid,
4947 Anum_pg_init_privs_classoid,
4951 Anum_pg_init_privs_objsubid,
4973 oldAclDatum =
heap_getattr(oldtuple, Anum_pg_init_privs_initprivs,
4983 noldmembers =
aclmembers(old_acl, &oldmembers);
4989 elog(
ERROR,
"cache lookup failed for %s %u",
5000 if (old_acl != NULL)
5013 if (new_acl == NULL ||
ACL_NUM(new_acl) == 0)
5020 bool nulls[Natts_pg_init_privs] = {0};
5021 bool replaces[Natts_pg_init_privs] = {0};
5025 replaces[Anum_pg_init_privs_initprivs - 1] =
true;
5028 values, nulls, replaces);
5035 nnewmembers =
aclmembers(new_acl, &newmembers);
5038 noldmembers, oldmembers,
5039 nnewmembers, newmembers);
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Acl * acldefault(ObjectType objtype, Oid ownerId)
Acl * make_empty_acl(void)
Acl * aclnewowner(const Acl *old_acl, Oid oldOwnerId, Oid newOwnerId)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
#define ACLITEM_ALL_PRIV_BITS
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
AclResult object_aclcheck_ext(Oid classid, Oid objectid, Oid roleid, AclMode mode, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
void RemoveRoleFromInitPriv(Oid roleid, Oid classid, Oid objid, int32 objsubid)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
AclResult pg_attribute_aclcheck_all_ext(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how, bool *is_missing)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
void ReplaceRoleInInitPriv(Oid oldroleid, Oid newroleid, Oid classid, Oid objid, int32 objsubid)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
void recordExtObjInitPriv(Oid objoid, Oid classoid)
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static AclMode pg_namespace_aclmask_ext(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Parameter(InternalGrant *istmt)
static const char * privilege_to_string(AclMode privilege)
void aclcheck_error_type(AclResult aclerr, Oid typeOid)
bool has_createrole_privilege(Oid roleid)
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
static void ExecGrant_Relation(InternalGrant *istmt)
static AclMode pg_type_aclmask_ext(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
bool binary_upgrade_record_init_privs
void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static AclMode object_aclmask_ext(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
void removeExtObjInitPriv(Oid objoid, Oid classoid)
#define InvalidAttrNumber
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
static Datum values[MAXATTR]
#define TextDatumGetCString(d)
#define Assert(condition)
#define OidIsValid(objectId)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
Oid get_database_oid(const char *dbname, bool missing_ok)
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)
#define palloc0_array(type, count)
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
char * convert_GUC_name_for_parameter_acl(const char *name)
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, const Datum *replValues, const bool *replIsnull, const bool *doReplace)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, const Datum *values, const bool *isnull)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
if(TABLE==NULL||TABLE_index==NULL)
List * lappend(List *list, void *datum)
List * lappend_oid(List *list, Oid datum)
List * list_concat(List *list1, const List *list2)
void UnlockTuple(Relation relation, ItemPointer tid, LOCKMODE lockmode)
#define InplaceUpdateTupleLock
AttrNumber get_attnum(Oid relid, const char *attname)
Oid get_element_type(Oid typid)
Oid get_multirange_range(Oid multirangeOid)
char * get_rel_name(Oid relid)
TypeName * makeTypeNameFromNameList(List *names)
void pfree(void *pointer)
void * palloc0(Size size)
#define IsBootstrapProcessingMode()
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
bool isTempNamespace(Oid namespaceId)
Oid get_namespace_oid(const char *nspname, bool missing_ok)
#define RangeVarGetRelid(relation, lockmode, missing_ok)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_oid(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
const char * get_object_class_descr(Oid class_id)
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
@ OBJECT_PUBLICATION_NAMESPACE
@ ACL_TARGET_ALL_IN_SCHEMA
FormData_pg_attribute * Form_pg_attribute
FormData_pg_authid * Form_pg_authid
static PgChecksumMode mode
FormData_pg_class * Form_pg_class
FormData_pg_default_acl * Form_pg_default_acl
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
FormData_pg_language * Form_pg_language
bool LargeObjectExists(Oid loid)
#define list_make1_oid(x1)
FormData_pg_namespace * Form_pg_namespace
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
FormData_pg_proc * Form_pg_proc
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void updateInitAclDependencies(Oid classId, Oid objectId, int32 objsubId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
FormData_pg_type * Form_pg_type
#define ERRCODE_UNDEFINED_TABLE
static Datum PointerGetDatum(const void *X)
static Name DatumGetName(Datum X)
static Oid DatumGetObjectId(Datum X)
static Datum Int16GetDatum(int16 X)
static Datum ObjectIdGetDatum(Oid X)
static Pointer DatumGetPointer(Datum X)
static Datum Int32GetDatum(int32 X)
static Datum CharGetDatum(char X)
Oid get_language_oid(const char *langname, bool missing_ok)
#define RelationGetDescr(relation)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
#define BTEqualStrategyNumber