77 #include "utils/fmgroids.h"
126 int num_col_privileges);
130 int num_col_privileges);
134 bool all_privs,
AclMode privileges,
135 Oid objectId,
Oid grantorId,
175 Oid grantorId,
Oid ownerId)
200 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
201 errmsg(
"grant options can only be granted to roles")));
216 newer_acl =
aclupdate(new_acl, &aclitem, modechg, ownerId, behavior);
275 elog(
ERROR,
"grantable rights not supported for event triggers");
285 elog(
ERROR,
"unrecognized object type: %d", objtype);
297 if (
pg_aclmask(objtype, objectId, att_number, grantorId,
318 if (this_privileges == 0)
322 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
323 errmsg(
"no privileges were granted for column \"%s\" of relation \"%s\"",
327 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
328 errmsg(
"no privileges were granted for \"%s\"",
331 else if (!all_privs && this_privileges != privileges)
335 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
336 errmsg(
"not all privileges were granted for column \"%s\" of relation \"%s\"",
340 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_GRANTED),
341 errmsg(
"not all privileges were granted for \"%s\"",
347 if (this_privileges == 0)
351 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
352 errmsg(
"no privileges could be revoked for column \"%s\" of relation \"%s\"",
356 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
357 errmsg(
"no privileges could be revoked for \"%s\"",
360 else if (!all_privs && this_privileges != privileges)
364 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
365 errmsg(
"not all privileges could be revoked for column \"%s\" of relation \"%s\"",
369 (
errcode(ERRCODE_WARNING_PRIVILEGE_NOT_REVOKED),
370 errmsg(
"not all privileges could be revoked for \"%s\"",
375 return this_privileges;
386 const char *errormsg;
401 (
errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
402 errmsg(
"grantor must be current user")));
412 switch (
stmt->targtype)
423 elog(
ERROR,
"unrecognized GrantStmt.targtype: %d",
424 (
int)
stmt->targtype);
439 foreach(cell,
stmt->grantees)
460 switch (
stmt->objtype)
470 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
474 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
478 errormsg =
gettext_noop(
"invalid privilege type %s for database");
482 errormsg =
gettext_noop(
"invalid privilege type %s for domain");
486 errormsg =
gettext_noop(
"invalid privilege type %s for function");
490 errormsg =
gettext_noop(
"invalid privilege type %s for language");
494 errormsg =
gettext_noop(
"invalid privilege type %s for large object");
498 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
502 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
506 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
510 errormsg =
gettext_noop(
"invalid privilege type %s for tablespace");
514 errormsg =
gettext_noop(
"invalid privilege type %s for type");
518 errormsg =
gettext_noop(
"invalid privilege type %s for foreign-data wrapper");
522 errormsg =
gettext_noop(
"invalid privilege type %s for foreign server");
526 errormsg =
gettext_noop(
"invalid privilege type %s for parameter");
529 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
530 (
int)
stmt->objtype);
551 foreach(cell,
stmt->privileges)
564 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
565 errmsg(
"column privileges are only valid for relations")));
571 elog(
ERROR,
"AccessPriv node must specify privilege or columns");
574 if (priv & ~((
AclMode) all_privileges))
576 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
634 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
670 foreach(cell, objnames)
680 foreach(cell, objnames)
691 foreach(cell, objnames)
701 foreach(cell, objnames)
711 foreach(cell, objnames)
721 foreach(cell, objnames)
727 (
errcode(ERRCODE_UNDEFINED_OBJECT),
728 errmsg(
"large object %u does not exist",
735 foreach(cell, objnames)
745 foreach(cell, objnames)
755 foreach(cell, objnames)
765 foreach(cell, objnames)
775 foreach(cell, objnames)
784 foreach(cell, objnames)
793 foreach(cell, objnames)
824 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
844 foreach(cell, nspnames)
882 Anum_pg_proc_pronamespace,
889 Anum_pg_proc_prokind,
894 Anum_pg_proc_prokind,
914 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
937 Anum_pg_class_relnamespace,
941 Anum_pg_class_relkind,
976 const char *errormsg;
979 foreach(cell,
stmt->options)
983 if (strcmp(defel->
defname,
"schemas") == 0)
989 else if (strcmp(defel->
defname,
"roles") == 0)
1000 nspnames = (
List *) dnspnames->
arg;
1002 rolespecs = (
List *) drolespecs->
arg;
1020 foreach(cell,
action->grantees)
1045 errormsg =
gettext_noop(
"invalid privilege type %s for relation");
1049 errormsg =
gettext_noop(
"invalid privilege type %s for sequence");
1053 errormsg =
gettext_noop(
"invalid privilege type %s for function");
1057 errormsg =
gettext_noop(
"invalid privilege type %s for procedure");
1061 errormsg =
gettext_noop(
"invalid privilege type %s for routine");
1065 errormsg =
gettext_noop(
"invalid privilege type %s for type");
1069 errormsg =
gettext_noop(
"invalid privilege type %s for schema");
1072 elog(
ERROR,
"unrecognized GrantStmt.objtype: %d",
1094 foreach(cell,
action->privileges)
1101 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1102 errmsg(
"default privileges cannot be set for columns")));
1105 elog(
ERROR,
"AccessPriv node must specify privilege");
1108 if (priv & ~((
AclMode) all_privileges))
1110 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1117 if (rolespecs ==
NIL)
1129 foreach(rolecell, rolespecs)
1137 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1138 errmsg(
"permission denied to change default privileges")));
1153 if (nspnames ==
NIL)
1165 foreach(nspcell, nspnames)
1229 objtype = DEFACLOBJ_RELATION;
1235 objtype = DEFACLOBJ_SEQUENCE;
1241 objtype = DEFACLOBJ_FUNCTION;
1247 objtype = DEFACLOBJ_TYPE;
1255 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1256 errmsg(
"cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS")));
1257 objtype = DEFACLOBJ_NAMESPACE;
1263 elog(
ERROR,
"unrecognized object type: %d",
1281 Anum_pg_default_acl_defaclacl,
1295 if (old_acl != NULL)
1302 noldmembers =
aclmembers(old_acl, &oldmembers);
1345 myself.
classId = DefaultAclRelationId;
1355 bool nulls[Natts_pg_default_acl] = {0};
1356 bool replaces[Natts_pg_default_acl] = {0};
1363 Anum_pg_default_acl_oid);
1379 replaces[Anum_pg_default_acl_defaclacl - 1] =
true;
1382 values, nulls, replaces);
1399 myself.
classId = DefaultAclRelationId;
1403 referenced.
classId = NamespaceRelationId;
1414 nnewmembers =
aclmembers(new_acl, &newmembers);
1419 noldmembers, oldmembers,
1420 nnewmembers, newmembers);
1446 if (classid == DefaultAclRelationId)
1459 Anum_pg_default_acl_oid,
1469 elog(
ERROR,
"could not find tuple for default ACL %u", objid);
1473 iacls.
roleid = pg_default_acl_tuple->defaclrole;
1474 iacls.
nspid = pg_default_acl_tuple->defaclnamespace;
1476 switch (pg_default_acl_tuple->defaclobjtype)
1478 case DEFACLOBJ_RELATION:
1481 case DEFACLOBJ_SEQUENCE:
1484 case DEFACLOBJ_FUNCTION:
1487 case DEFACLOBJ_TYPE:
1490 case DEFACLOBJ_NAMESPACE:
1495 elog(
ERROR,
"unexpected default ACL type: %d",
1496 (
int) pg_default_acl_tuple->defaclobjtype);
1519 case RelationRelationId:
1523 case DatabaseRelationId:
1526 case TypeRelationId:
1529 case ProcedureRelationId:
1532 case LanguageRelationId:
1535 case LargeObjectRelationId:
1538 case NamespaceRelationId:
1541 case TableSpaceRelationId:
1544 case ForeignServerRelationId:
1547 case ForeignDataWrapperRelationId:
1550 case ParameterAclRelationId:
1554 elog(
ERROR,
"unexpected object class %u", classid);
1582 int num_col_privileges)
1586 foreach(cell, colnames)
1594 (
errcode(ERRCODE_UNDEFINED_COLUMN),
1595 errmsg(
"column \"%s\" of relation \"%s\" does not exist",
1598 if (attnum <= 0 || attnum >= num_col_privileges)
1599 elog(
ERROR,
"column number out of range");
1600 col_privileges[
attnum] |= this_privileges;
1615 int num_col_privileges)
1621 curr_att <= classForm->relnatts;
1631 if (classForm->relkind == RELKIND_VIEW && curr_att < 0)
1638 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1639 curr_att, table_oid);
1674 bool nulls[Natts_pg_attribute] = {0};
1675 bool replaces[Natts_pg_attribute] = {0};
1685 elog(
ERROR,
"cache lookup failed for attribute %d of relation %u",
1706 noldmembers =
aclmembers(old_acl, &oldmembers);
1715 merged_acl =
aclconcat(old_rel_acl, old_acl);
1719 merged_acl, ownerId,
1720 &grantorId, &avail_goptions);
1738 NameStr(pg_attribute_tuple->attname));
1746 col_privileges, grantorId,
1753 nnewmembers =
aclmembers(new_acl, &newmembers);
1771 nulls[Anum_pg_attribute_attacl - 1] =
true;
1772 need_update = !isNull;
1774 replaces[Anum_pg_attribute_attacl - 1] =
true;
1779 values, nulls, replaces);
1785 ACL_NUM(new_acl) > 0 ? new_acl : NULL);
1790 noldmembers, oldmembers,
1791 nnewmembers, newmembers);
1820 int num_col_privileges;
1821 bool have_col_privileges;
1832 elog(
ERROR,
"cache lookup failed for relation %u", relOid);
1836 if (pg_class_tuple->relkind == RELKIND_INDEX ||
1837 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX)
1839 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1840 errmsg(
"\"%s\" is an index",
1841 NameStr(pg_class_tuple->relname))));
1844 if (pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
1846 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1847 errmsg(
"\"%s\" is a composite type",
1848 NameStr(pg_class_tuple->relname))));
1852 pg_class_tuple->relkind != RELKIND_SEQUENCE)
1854 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
1855 errmsg(
"\"%s\" is not a sequence",
1856 NameStr(pg_class_tuple->relname))));
1861 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1877 if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
1892 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1893 errmsg(
"sequence \"%s\" only supports USAGE, SELECT, and UPDATE privileges",
1894 NameStr(pg_class_tuple->relname))));
1909 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
1910 errmsg(
"invalid privilege type %s for table",
1923 have_col_privileges =
false;
1938 num_col_privileges);
1939 have_col_privileges =
true;
1946 ownerId = pg_class_tuple->relowner;
1951 switch (pg_class_tuple->relkind)
1953 case RELKIND_SEQUENCE:
1968 noldmembers =
aclmembers(old_acl, &oldmembers);
1972 old_rel_acl =
aclcopy(old_acl);
1984 bool nulls[Natts_pg_class] = {0};
1985 bool replaces[Natts_pg_class] = {0};
1993 &grantorId, &avail_goptions);
1995 switch (pg_class_tuple->relkind)
1997 case RELKIND_SEQUENCE:
2012 relOid, grantorId, objtype,
2013 NameStr(pg_class_tuple->relname),
2032 nnewmembers =
aclmembers(new_acl, &newmembers);
2035 replaces[Anum_pg_class_relacl - 1] =
true;
2039 values, nulls, replaces);
2049 noldmembers, oldmembers,
2050 nnewmembers, newmembers);
2060 foreach(cell_colprivs, istmt->
col_privs)
2071 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2072 errmsg(
"invalid privilege type %s for column",
2075 if (pg_class_tuple->relkind == RELKIND_SEQUENCE &&
2084 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2085 errmsg(
"sequence \"%s\" only supports SELECT column privileges",
2086 NameStr(pg_class_tuple->relname))));
2094 num_col_privileges);
2095 have_col_privileges =
true;
2098 if (have_col_privileges)
2102 for (
i = 0;
i < num_col_privileges;
i++)
2108 NameStr(pg_class_tuple->relname),
2118 pfree(col_privileges);
2175 object_check(istmt, tuple);
2199 noldmembers =
aclmembers(old_acl, &oldmembers);
2205 &grantorId, &avail_goptions);
2227 grantorId, ownerId);
2233 nnewmembers =
aclmembers(new_acl, &newmembers);
2251 noldmembers, oldmembers,
2252 nnewmembers, newmembers);
2272 if (!pg_language_tuple->lanpltrusted)
2274 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2275 errmsg(
"language \"%s\" is not trusted",
2276 NameStr(pg_language_tuple->lanname)),
2277 errdetail(
"GRANT and REVOKE are not allowed on untrusted languages, "
2278 "because only superusers can use untrusted languages.")));
2290 relation =
table_open(LargeObjectMetadataRelationId,
2307 Datum values[Natts_pg_largeobject_metadata] = {0};
2308 bool nulls[Natts_pg_largeobject_metadata] = {0};
2309 bool replaces[Natts_pg_largeobject_metadata] = {0};
2320 Anum_pg_largeobject_metadata_oid,
2325 LargeObjectMetadataOidIndexId,
true,
2330 elog(
ERROR,
"could not find tuple for large object %u", loid);
2338 ownerId = form_lo_meta->lomowner;
2340 Anum_pg_largeobject_metadata_lomacl,
2353 noldmembers =
aclmembers(old_acl, &oldmembers);
2359 &grantorId, &avail_goptions);
2365 snprintf(loname,
sizeof(loname),
"large object %u", loid);
2378 grantorId, ownerId);
2384 nnewmembers =
aclmembers(new_acl, &newmembers);
2387 replaces[Anum_pg_largeobject_metadata_lomacl - 1] =
true;
2388 values[Anum_pg_largeobject_metadata_lomacl - 1]
2392 values, nulls, replaces);
2401 form_lo_meta->oid, 0,
2403 noldmembers, oldmembers,
2404 nnewmembers, newmembers);
2424 if (IsTrueArrayType(pg_type_tuple))
2426 (
errcode(ERRCODE_INVALID_GRANT_OPERATION),
2427 errmsg(
"cannot set privileges of array types"),
2428 errhint(
"Set the privileges of the element type instead.")));
2432 pg_type_tuple->typtype != TYPTYPE_DOMAIN)
2434 (
errcode(ERRCODE_WRONG_OBJECT_TYPE),
2435 errmsg(
"\"%s\" is not a domain",
2436 NameStr(pg_type_tuple->typname))));
2454 const char *parname;
2471 elog(
ERROR,
"cache lookup failed for parameter ACL %u",
2476 Anum_pg_parameter_acl_parname);
2480 ownerId = BOOTSTRAP_SUPERUSERID;
2487 Anum_pg_parameter_acl_paracl,
2501 noldmembers =
aclmembers(old_acl, &oldmembers);
2507 &grantorId, &avail_goptions);
2516 parameterId, grantorId,
2527 grantorId, ownerId);
2533 nnewmembers =
aclmembers(new_acl, &newmembers);
2549 bool nulls[Natts_pg_parameter_acl] = {0};
2550 bool replaces[Natts_pg_parameter_acl] = {0};
2552 replaces[Anum_pg_parameter_acl_paracl - 1] =
true;
2556 values, nulls, replaces);
2568 noldmembers, oldmembers,
2569 nnewmembers, newmembers);
2585 if (strcmp(privname,
"insert") == 0)
2587 if (strcmp(privname,
"select") == 0)
2589 if (strcmp(privname,
"update") == 0)
2591 if (strcmp(privname,
"delete") == 0)
2593 if (strcmp(privname,
"truncate") == 0)
2595 if (strcmp(privname,
"references") == 0)
2597 if (strcmp(privname,
"trigger") == 0)
2599 if (strcmp(privname,
"execute") == 0)
2601 if (strcmp(privname,
"usage") == 0)
2603 if (strcmp(privname,
"create") == 0)
2605 if (strcmp(privname,
"temporary") == 0)
2607 if (strcmp(privname,
"temp") == 0)
2609 if (strcmp(privname,
"connect") == 0)
2611 if (strcmp(privname,
"set") == 0)
2613 if (strcmp(privname,
"alter system") == 0)
2615 if (strcmp(privname,
"rule") == 0)
2618 (
errcode(ERRCODE_SYNTAX_ERROR),
2619 errmsg(
"unrecognized privilege type \"%s\"", privname)));
2639 return "REFERENCES";
2655 return "ALTER SYSTEM";
2657 elog(
ERROR,
"unrecognized privilege: %d", (
int) privilege);
2670 const char *objectname)
2679 const char *msg =
"???";
2684 msg =
gettext_noop(
"permission denied for aggregate %s");
2687 msg =
gettext_noop(
"permission denied for collation %s");
2693 msg =
gettext_noop(
"permission denied for conversion %s");
2696 msg =
gettext_noop(
"permission denied for database %s");
2702 msg =
gettext_noop(
"permission denied for event trigger %s");
2705 msg =
gettext_noop(
"permission denied for extension %s");
2708 msg =
gettext_noop(
"permission denied for foreign-data wrapper %s");
2711 msg =
gettext_noop(
"permission denied for foreign server %s");
2714 msg =
gettext_noop(
"permission denied for foreign table %s");
2717 msg =
gettext_noop(
"permission denied for function %s");
2723 msg =
gettext_noop(
"permission denied for language %s");
2726 msg =
gettext_noop(
"permission denied for large object %s");
2729 msg =
gettext_noop(
"permission denied for materialized view %s");
2732 msg =
gettext_noop(
"permission denied for operator class %s");
2735 msg =
gettext_noop(
"permission denied for operator %s");
2738 msg =
gettext_noop(
"permission denied for operator family %s");
2741 msg =
gettext_noop(
"permission denied for parameter %s");
2747 msg =
gettext_noop(
"permission denied for procedure %s");
2750 msg =
gettext_noop(
"permission denied for publication %s");
2753 msg =
gettext_noop(
"permission denied for routine %s");
2759 msg =
gettext_noop(
"permission denied for sequence %s");
2762 msg =
gettext_noop(
"permission denied for statistics object %s");
2765 msg =
gettext_noop(
"permission denied for subscription %s");
2771 msg =
gettext_noop(
"permission denied for tablespace %s");
2774 msg =
gettext_noop(
"permission denied for text search configuration %s");
2777 msg =
gettext_noop(
"permission denied for text search dictionary %s");
2804 elog(
ERROR,
"unsupported object type: %d", objtype);
2808 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2809 errmsg(msg, objectname)));
2814 const char *msg =
"???";
2834 msg =
gettext_noop(
"must be owner of event trigger %s");
2840 msg =
gettext_noop(
"must be owner of foreign-data wrapper %s");
2843 msg =
gettext_noop(
"must be owner of foreign server %s");
2846 msg =
gettext_noop(
"must be owner of foreign table %s");
2858 msg =
gettext_noop(
"must be owner of large object %s");
2861 msg =
gettext_noop(
"must be owner of materialized view %s");
2864 msg =
gettext_noop(
"must be owner of operator class %s");
2870 msg =
gettext_noop(
"must be owner of operator family %s");
2885 msg =
gettext_noop(
"must be owner of subscription %s");
2900 msg =
gettext_noop(
"must be owner of statistics object %s");
2906 msg =
gettext_noop(
"must be owner of text search configuration %s");
2909 msg =
gettext_noop(
"must be owner of text search dictionary %s");
2942 elog(
ERROR,
"unsupported object type: %d", objtype);
2946 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2947 errmsg(msg, objectname)));
2951 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
2959 const char *objectname,
const char *colname)
2968 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
2969 errmsg(
"permission denied for column \"%s\" of relation \"%s\"",
2970 colname, objectname)));
2977 elog(
ERROR,
"unrecognized AclResult: %d", (
int) aclerr);
3013 return object_aclmask(DatabaseRelationId, object_oid, roleid, mask, how);
3015 return object_aclmask(ProcedureRelationId, object_oid, roleid, mask, how);
3017 return object_aclmask(LanguageRelationId, object_oid, roleid, mask, how);
3024 return object_aclmask(NamespaceRelationId, object_oid, roleid, mask, how);
3026 elog(
ERROR,
"grantable rights not supported for statistics objects");
3030 return object_aclmask(TableSpaceRelationId, object_oid, roleid, mask, how);
3032 return object_aclmask(ForeignDataWrapperRelationId, object_oid, roleid, mask, how);
3034 return object_aclmask(ForeignServerRelationId, object_oid, roleid, mask, how);
3036 elog(
ERROR,
"grantable rights not supported for event triggers");
3040 return object_aclmask(TypeRelationId, object_oid, roleid, mask, how);
3042 elog(
ERROR,
"unrecognized object type: %d",
3079 case NamespaceRelationId:
3081 case TypeRelationId:
3086 Assert(classid != RelationRelationId);
3087 Assert(classid != LargeObjectMetadataRelationId);
3103 (
errcode(ERRCODE_UNDEFINED_DATABASE),
3116 aclDatum = (
Datum) 0;
3124 result =
aclmask(acl, roleid, ownerId, mask, how);
3179 if (is_missing != NULL)
3187 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3188 errmsg(
"attribute %d of relation with OID %u does not exist",
3195 if (attributeForm->attisdropped)
3197 if (is_missing != NULL)
3206 (
errcode(ERRCODE_UNDEFINED_COLUMN),
3207 errmsg(
"attribute %d of relation with OID %u does not exist",
3241 ownerId = classForm->relowner;
3248 result =
aclmask(acl, roleid, ownerId, mask, how);
3293 if (is_missing != NULL)
3302 errmsg(
"relation with OID %u does not exist",
3318 classForm->relkind != RELKIND_VIEW &&
3334 ownerId = classForm->relowner;
3341 switch (classForm->relkind)
3343 case RELKIND_SEQUENCE:
3350 aclDatum = (
Datum) 0;
3358 result =
aclmask(acl, roleid, ownerId, mask, how);
3425 Anum_pg_parameter_acl_paracl,
3431 aclDatum = (
Datum) 0;
3439 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3475 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3476 errmsg(
"parameter ACL with OID %u does not exist",
3480 Anum_pg_parameter_acl_paracl,
3486 aclDatum = (
Datum) 0;
3494 result =
aclmask(acl, roleid, BOOTSTRAP_SUPERUSERID, mask, how);
3539 pg_lo_meta =
table_open(LargeObjectMetadataRelationId,
3543 Anum_pg_largeobject_metadata_oid,
3548 LargeObjectMetadataOidIndexId,
true,
3549 snapshot, 1, entry);
3554 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3555 errmsg(
"large object %u does not exist", lobj_oid)));
3559 aclDatum =
heap_getattr(tuple, Anum_pg_largeobject_metadata_lomacl,
3566 aclDatum = (
Datum) 0;
3574 result =
aclmask(acl, roleid, ownerId, mask, how);
3639 (
errcode(ERRCODE_UNDEFINED_SCHEMA),
3640 errmsg(
"schema with OID %u does not exist", nsp_oid)));
3650 aclDatum = (
Datum) 0;
3658 result =
aclmask(acl, roleid, ownerId, mask, how);
3704 (
errcode(ERRCODE_UNDEFINED_OBJECT),
3705 errmsg(
"type with OID %u does not exist",
3713 if (IsTrueArrayType(typeForm))
3715 Oid elttype_oid = typeForm->typelem;
3722 elog(
ERROR,
"cache lookup failed for type %u", elttype_oid);
3729 ownerId = typeForm->typowner;
3732 Anum_pg_type_typacl, &isNull);
3737 aclDatum = (
Datum) 0;
3745 result =
aclmask(acl, roleid, ownerId, mask, how);
3842 nattrs = classForm->relnatts;
3852 for (curr_att = 1; curr_att <= nattrs; curr_att++)
3978 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4010 (
errcode(ERRCODE_UNDEFINED_OBJECT),
4040 bool result =
false;
4059 bool result =
false;
4097 Anum_pg_default_acl_defaclacl,
4135 defaclobjtype = DEFACLOBJ_RELATION;
4139 defaclobjtype = DEFACLOBJ_SEQUENCE;
4143 defaclobjtype = DEFACLOBJ_FUNCTION;
4147 defaclobjtype = DEFACLOBJ_TYPE;
4151 defaclobjtype = DEFACLOBJ_NAMESPACE;
4163 if (glob_acl == NULL && schema_acl == NULL)
4170 if (glob_acl == NULL)
4174 result =
aclmerge(glob_acl, schema_acl, ownerId);
4228 if (classoid == RelationRelationId)
4237 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4245 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4246 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4247 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4257 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4260 AttrNumber nattrs = pg_class_tuple->relnatts;
4262 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4282 Anum_pg_attribute_attacl,
4310 else if (classoid == LargeObjectMetadataRelationId)
4328 Anum_pg_largeobject_metadata_oid,
4333 LargeObjectMetadataOidIndexId,
true,
4338 elog(
ERROR,
"could not find tuple for large object %u", objoid);
4341 Anum_pg_largeobject_metadata_lomacl,
4361 elog(
ERROR,
"cache lookup failed for %s %u",
4389 if (classoid == RelationRelationId)
4396 elog(
ERROR,
"cache lookup failed for relation %u", objoid);
4404 if (pg_class_tuple->relkind == RELKIND_INDEX ||
4405 pg_class_tuple->relkind == RELKIND_PARTITIONED_INDEX ||
4406 pg_class_tuple->relkind == RELKIND_COMPOSITE_TYPE)
4416 if (pg_class_tuple->relkind != RELKIND_SEQUENCE)
4419 AttrNumber nattrs = pg_class_tuple->relnatts;
4421 for (curr_att = 1; curr_att <= nattrs; curr_att++)
4505 Anum_pg_init_privs_objoid,
4509 Anum_pg_init_privs_classoid,
4513 Anum_pg_init_privs_objsubid,
4527 bool nulls[Natts_pg_init_privs] = {0};
4528 bool replace[Natts_pg_init_privs] = {0};
4534 replace[Anum_pg_init_privs_initprivs - 1] =
true;
4550 bool nulls[Natts_pg_init_privs] = {0};
4566 values[Anum_pg_init_privs_privtype - 1] =
Acl * aclupdate(const Acl *old_acl, const AclItem *mod_aip, int modechg, Oid ownerId, DropBehavior behavior)
bool aclequal(const Acl *left_acl, const Acl *right_acl)
void select_best_grantor(Oid roleId, AclMode privileges, const Acl *acl, Oid ownerId, Oid *grantorId, AclMode *grantOptions)
bool has_privs_of_role(Oid member, Oid role)
int aclmembers(const Acl *acl, Oid **roleids)
Acl * aclconcat(const Acl *left_acl, const Acl *right_acl)
Acl * aclcopy(const Acl *orig_acl)
void aclitemsort(Acl *acl)
AclMode aclmask(const Acl *acl, Oid roleid, Oid ownerId, AclMode mask, AclMaskHow how)
Acl * acldefault(ObjectType objtype, Oid ownerId)
Acl * make_empty_acl(void)
Oid get_rolespec_oid(const RoleSpec *role, bool missing_ok)
Acl * aclmerge(const Acl *left_acl, const Acl *right_acl, Oid ownerId)
#define ACL_ALL_RIGHTS_FOREIGN_SERVER
#define ACL_ALL_RIGHTS_TABLESPACE
#define ACL_ALL_RIGHTS_PARAMETER_ACL
#define ACL_ALL_RIGHTS_SCHEMA
#define ACL_ALL_RIGHTS_SEQUENCE
#define ACL_ALL_RIGHTS_DATABASE
#define ACL_ALL_RIGHTS_COLUMN
#define ACL_OPTION_TO_PRIVS(privs)
#define ACL_ALL_RIGHTS_FUNCTION
#define ACL_ALL_RIGHTS_LANGUAGE
#define ACL_ALL_RIGHTS_TYPE
#define ACL_ALL_RIGHTS_FDW
#define ACLITEM_SET_PRIVS_GOPTIONS(item, privs, goptions)
#define DatumGetAclPCopy(X)
#define ACL_ALL_RIGHTS_RELATION
#define ACL_ALL_RIGHTS_LARGEOBJECT
#define ACL_GRANT_OPTION_FOR(privs)
static AclMode pg_attribute_aclmask_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
void ExecuteGrantStmt(GrantStmt *stmt)
AclResult pg_largeobject_aclcheck_snapshot(Oid lobj_oid, Oid roleid, AclMode mode, Snapshot snapshot)
static void expand_all_col_privileges(Oid table_oid, Form_pg_class classForm, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
static void recordExtensionInitPriv(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static void expand_col_privileges(List *colnames, Oid table_oid, AclMode this_privileges, AclMode *col_privileges, int num_col_privileges)
bool has_bypassrls_privilege(Oid roleid)
AclResult pg_class_aclcheck_ext(Oid table_oid, Oid roleid, AclMode mode, bool *is_missing)
void aclcheck_error_col(AclResult aclerr, ObjectType objtype, const char *objectname, const char *colname)
void recordDependencyOnNewAcl(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, Acl *acl)
static void ExecGrant_Attribute(InternalGrant *istmt, Oid relOid, const char *relname, AttrNumber attnum, Oid ownerId, AclMode col_privileges, Relation attRelation, const Acl *old_rel_acl)
static void ExecGrant_Type_check(InternalGrant *istmt, HeapTuple tuple)
void ExecAlterDefaultPrivilegesStmt(ParseState *pstate, AlterDefaultPrivilegesStmt *stmt)
static void ExecGrantStmt_oids(InternalGrant *istmt)
static AclMode pg_largeobject_aclmask_snapshot(Oid lobj_oid, Oid roleid, AclMode mask, AclMaskHow how, Snapshot snapshot)
static AclMode pg_attribute_aclmask(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
static List * objectNamesToOids(ObjectType objtype, List *objnames, bool is_grant)
static Acl * merge_acl_with_grant(Acl *old_acl, bool is_grant, bool grant_option, DropBehavior behavior, List *grantees, AclMode privileges, Oid grantorId, Oid ownerId)
static AclMode pg_parameter_aclmask(const char *name, Oid roleid, AclMode mask, AclMaskHow how)
AclResult pg_attribute_aclcheck_all(Oid table_oid, Oid roleid, AclMode mode, AclMaskHow how)
static AclMode pg_parameter_acl_aclmask(Oid acl_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void SetDefaultACL(InternalDefaultACL *iacls)
static List * objectsInSchemaToOids(ObjectType objtype, List *nspnames)
AclResult pg_parameter_aclcheck(const char *name, Oid roleid, AclMode mode)
static void ExecGrant_common(InternalGrant *istmt, Oid classid, AclMode default_privs, void(*object_check)(InternalGrant *istmt, HeapTuple tuple))
void recordExtObjInitPriv(Oid objoid, Oid classoid)
static List * getRelationsInNamespace(Oid namespaceId, char relkind)
static AclMode pg_class_aclmask_ext(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how, bool *is_missing)
static AclMode string_to_privilege(const char *privname)
static AclMode pg_type_aclmask(Oid type_oid, Oid roleid, AclMode mask, AclMaskHow how)
void aclcheck_error(AclResult aclerr, ObjectType objtype, const char *objectname)
static AclMode object_aclmask(Oid classid, Oid objectid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Largeobject(InternalGrant *istmt)
AclResult pg_attribute_aclcheck(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode)
static AclMode restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs, AclMode privileges, Oid objectId, Oid grantorId, ObjectType objtype, const char *objname, AttrNumber att_number, const char *colname)
AclResult object_aclcheck(Oid classid, Oid objectid, Oid roleid, AclMode mode)
Acl * get_user_default_acl(ObjectType objtype, Oid ownerId, Oid nsp_oid)
static void recordExtensionInitPrivWorker(Oid objoid, Oid classoid, int objsubid, Acl *new_acl)
static AclMode pg_namespace_aclmask(Oid nsp_oid, Oid roleid, AclMode mask, AclMaskHow how)
bool object_ownercheck(Oid classid, Oid objectid, Oid roleid)
AclResult pg_attribute_aclcheck_ext(Oid table_oid, AttrNumber attnum, Oid roleid, AclMode mode, bool *is_missing)
static void SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
AclMode pg_class_aclmask(Oid table_oid, Oid roleid, AclMode mask, AclMaskHow how)
static void ExecGrant_Parameter(InternalGrant *istmt)
static const char * privilege_to_string(AclMode privilege)
void aclcheck_error_type(AclResult aclerr, Oid typeOid)
bool has_createrole_privilege(Oid roleid)
static Acl * get_default_acl_internal(Oid roleId, Oid nsp_oid, char objtype)
static void ExecGrant_Relation(InternalGrant *istmt)
bool binary_upgrade_record_init_privs
void RemoveRoleFromObjectACL(Oid roleid, Oid classid, Oid objid)
static void ExecGrant_Language_check(InternalGrant *istmt, HeapTuple tuple)
AclResult pg_class_aclcheck(Oid table_oid, Oid roleid, AclMode mode)
static AclMode pg_aclmask(ObjectType objtype, Oid object_oid, AttrNumber attnum, Oid roleid, AclMode mask, AclMaskHow how)
void removeExtObjInitPriv(Oid objoid, Oid classoid)
#define InvalidAttrNumber
Oid get_tablespace_oid(const char *tablespacename, bool missing_ok)
static Datum values[MAXATTR]
#define TextDatumGetCString(d)
#define OidIsValid(objectId)
Oid GetNewOidWithIndex(Relation relation, Oid indexId, AttrNumber oidcolumn)
bool IsSystemClass(Oid relid, Form_pg_class reltuple)
Oid get_database_oid(const char *dbname, bool missing_ok)
elog(ERROR, "%s: %s", p2, msg)
void errorConflictingDefElem(DefElem *defel, ParseState *pstate)
void performDeletion(const ObjectAddress *object, DropBehavior behavior, int flags)
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
bool EventTriggerSupportsObjectType(ObjectType obtype)
void EventTriggerCollectGrant(InternalGrant *istmt)
#define palloc0_array(type, count)
Oid get_foreign_server_oid(const char *servername, bool missing_ok)
Oid get_foreign_data_wrapper_oid(const char *fdwname, bool missing_ok)
void systable_endscan(SysScanDesc sysscan)
HeapTuple systable_getnext(SysScanDesc sysscan)
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
char * convert_GUC_name_for_parameter_acl(const char *name)
HeapTuple heap_getnext(TableScanDesc sscan, ScanDirection direction)
HeapTuple heap_form_tuple(TupleDesc tupleDescriptor, Datum *values, bool *isnull)
HeapTuple heap_modify_tuple(HeapTuple tuple, TupleDesc tupleDesc, Datum *replValues, bool *replIsnull, bool *doReplace)
bool heap_attisnull(HeapTuple tup, int attnum, TupleDesc tupleDesc)
#define HeapTupleIsValid(tuple)
static Datum heap_getattr(HeapTuple tup, int attnum, TupleDesc tupleDesc, bool *isnull)
void CatalogTupleUpdate(Relation heapRel, ItemPointer otid, HeapTuple tup)
void CatalogTupleInsert(Relation heapRel, HeapTuple tup)
void CatalogTupleDelete(Relation heapRel, ItemPointer tid)
if(TABLE==NULL||TABLE_index==NULL)
Assert(fmt[strlen(fmt) - 1] !='\n')
List * lappend(List *list, void *datum)
List * lappend_oid(List *list, Oid datum)
List * list_concat(List *list1, const List *list2)
AttrNumber get_attnum(Oid relid, const char *attname)
Oid get_element_type(Oid typid)
char * get_rel_name(Oid relid)
TypeName * makeTypeNameFromNameList(List *names)
void pfree(void *pointer)
void * palloc0(Size size)
#define IsBootstrapProcessingMode()
Oid LookupExplicitNamespace(const char *nspname, bool missing_ok)
bool isTempNamespace(Oid namespaceId)
Oid get_namespace_oid(const char *nspname, bool missing_ok)
#define RangeVarGetRelid(relation, lockmode, missing_ok)
#define InvokeObjectPostCreateHook(classId, objectId, subId)
#define InvokeObjectPostAlterHook(classId, objectId, subId)
AttrNumber get_object_attnum_owner(Oid class_id)
AttrNumber get_object_attnum_oid(Oid class_id)
AttrNumber get_object_attnum_name(Oid class_id)
AttrNumber get_object_attnum_acl(Oid class_id)
int get_object_catcache_oid(Oid class_id)
Oid get_object_oid_index(Oid class_id)
ObjectType get_object_type(Oid class_id, Oid object_id)
const char * get_object_class_descr(Oid class_id)
Oid LookupFuncWithArgs(ObjectType objtype, ObjectWithArgs *func, bool missing_ok)
Oid typenameTypeId(ParseState *pstate, const TypeName *typeName)
@ OBJECT_PUBLICATION_NAMESPACE
@ ACL_TARGET_ALL_IN_SCHEMA
FormData_pg_attribute * Form_pg_attribute
FormData_pg_authid * Form_pg_authid
static PgChecksumMode mode
FormData_pg_class * Form_pg_class
FormData_pg_default_acl * Form_pg_default_acl
void recordDependencyOn(const ObjectAddress *depender, const ObjectAddress *referenced, DependencyType behavior)
FormData_pg_language * Form_pg_language
bool LargeObjectExists(Oid loid)
#define list_make1_oid(x1)
FormData_pg_namespace * Form_pg_namespace
Oid ParameterAclLookup(const char *parameter, bool missing_ok)
Oid ParameterAclCreate(const char *parameter)
FormData_pg_proc * Form_pg_proc
void updateAclDependencies(Oid classId, Oid objectId, int32 objsubId, Oid ownerId, int noldmembers, Oid *oldmembers, int nnewmembers, Oid *newmembers)
void recordDependencyOnOwner(Oid classId, Oid objectId, Oid owner)
FormData_pg_type * Form_pg_type
#define ERRCODE_UNDEFINED_TABLE
static Datum PointerGetDatum(const void *X)
static Name DatumGetName(Datum X)
static Oid DatumGetObjectId(Datum X)
static Datum Int16GetDatum(int16 X)
static Datum ObjectIdGetDatum(Oid X)
static Pointer DatumGetPointer(Datum X)
static Datum Int32GetDatum(int32 X)
static Datum CharGetDatum(char X)
Oid get_language_oid(const char *langname, bool missing_ok)
#define RelationGetDescr(relation)
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
#define BTEqualStrategyNumber
bool superuser_arg(Oid roleid)
#define FirstLowInvalidHeapAttributeNumber
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
HeapTuple SearchSysCache3(int cacheId, Datum key1, Datum key2, Datum key3)
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
HeapTuple SearchSysCache2(int cacheId, Datum key1, Datum key2)
Datum SysCacheGetAttrNotNull(int cacheId, HeapTuple tup, AttrNumber attributeNumber)
void table_close(Relation relation, LOCKMODE lockmode)
Relation table_open(Oid relationId, LOCKMODE lockmode)
TableScanDesc table_beginscan_catalog(Relation relation, int nkeys, struct ScanKeyData *key)
static void table_endscan(TableScanDesc scan)
text * cstring_to_text(const char *s)
void CommandCounterIncrement(void)