| blob | 1d903babd33e7d79c16e9d95df4403c997e5ee61 |
1 --
2 -- Test access privileges
3 --
4 -- Clean up in case a prior regression run failed
5 -- Suppress NOTICE messages when users/groups don't exist
6 SET client_min_messages TO 'warning';
7 DROP ROLE IF EXISTS regress_priv_group1;
8 DROP ROLE IF EXISTS regress_priv_group2;
9 DROP ROLE IF EXISTS regress_priv_user1;
10 DROP ROLE IF EXISTS regress_priv_user2;
11 DROP ROLE IF EXISTS regress_priv_user3;
12 DROP ROLE IF EXISTS regress_priv_user4;
13 DROP ROLE IF EXISTS regress_priv_user5;
14 DROP ROLE IF EXISTS regress_priv_user6;
15 DROP ROLE IF EXISTS regress_priv_user7;
16 SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
17 lo_unlink
18 -----------
19 (0 rows)
21 RESET client_min_messages;
22 -- test proper begins here
23 CREATE USER regress_priv_user1;
24 CREATE USER regress_priv_user2;
25 CREATE USER regress_priv_user3;
26 CREATE USER regress_priv_user4;
27 CREATE USER regress_priv_user5;
28 CREATE USER regress_priv_user5; -- duplicate
29 ERROR: role "regress_priv_user5" already exists
30 CREATE USER regress_priv_user6;
31 CREATE USER regress_priv_user7;
32 CREATE USER regress_priv_user8;
33 CREATE USER regress_priv_user9;
34 CREATE USER regress_priv_user10;
35 CREATE ROLE regress_priv_role;
36 -- circular ADMIN OPTION grants should be disallowed
37 GRANT regress_priv_user1 TO regress_priv_user2 WITH ADMIN OPTION;
38 GRANT regress_priv_user1 TO regress_priv_user3 WITH ADMIN OPTION GRANTED BY regress_priv_user2;
39 GRANT regress_priv_user1 TO regress_priv_user2 WITH ADMIN OPTION GRANTED BY regress_priv_user3;
40 ERROR: ADMIN option cannot be granted back to your own grantor
41 -- need CASCADE to revoke grant or admin option if dependent grants exist
42 REVOKE ADMIN OPTION FOR regress_priv_user1 FROM regress_priv_user2; -- fail
43 ERROR: dependent privileges exist
44 HINT: Use CASCADE to revoke them too.
45 REVOKE regress_priv_user1 FROM regress_priv_user2; -- fail
46 ERROR: dependent privileges exist
47 HINT: Use CASCADE to revoke them too.
48 SELECT member::regrole, admin_option FROM pg_auth_members WHERE roleid = 'regress_priv_user1'::regrole;
49 member | admin_option
50 --------------------+--------------
51 regress_priv_user2 | t
52 regress_priv_user3 | t
53 (2 rows)
55 BEGIN;
56 REVOKE ADMIN OPTION FOR regress_priv_user1 FROM regress_priv_user2 CASCADE;
57 SELECT member::regrole, admin_option FROM pg_auth_members WHERE roleid = 'regress_priv_user1'::regrole;
58 member | admin_option
59 --------------------+--------------
60 regress_priv_user2 | f
61 (1 row)
63 ROLLBACK;
64 REVOKE regress_priv_user1 FROM regress_priv_user2 CASCADE;
65 SELECT member::regrole, admin_option FROM pg_auth_members WHERE roleid = 'regress_priv_user1'::regrole;
66 member | admin_option
67 --------+--------------
68 (0 rows)
70 -- inferred grantor must be a role with ADMIN OPTION
71 GRANT regress_priv_user1 TO regress_priv_user2 WITH ADMIN OPTION;
72 GRANT regress_priv_user2 TO regress_priv_user3;
73 SET ROLE regress_priv_user3;
74 GRANT regress_priv_user1 TO regress_priv_user4;
75 SELECT grantor::regrole FROM pg_auth_members WHERE roleid = 'regress_priv_user1'::regrole and member = 'regress_priv_user4'::regrole;
76 grantor
77 --------------------
78 regress_priv_user2
79 (1 row)
81 RESET ROLE;
82 REVOKE regress_priv_user2 FROM regress_priv_user3;
83 REVOKE regress_priv_user1 FROM regress_priv_user2 CASCADE;
84 -- test GRANTED BY with DROP OWNED and REASSIGN OWNED
85 GRANT regress_priv_user1 TO regress_priv_user2 WITH ADMIN OPTION;
86 GRANT regress_priv_user1 TO regress_priv_user3 GRANTED BY regress_priv_user2;
87 DROP ROLE regress_priv_user2; -- fail, dependency
88 ERROR: role "regress_priv_user2" cannot be dropped because some objects depend on it
89 DETAIL: privileges for membership of role regress_priv_user3 in role regress_priv_user1
90 REASSIGN OWNED BY regress_priv_user2 TO regress_priv_user4;
91 DROP ROLE regress_priv_user2; -- still fail, REASSIGN OWNED doesn't help
92 ERROR: role "regress_priv_user2" cannot be dropped because some objects depend on it
93 DETAIL: privileges for membership of role regress_priv_user3 in role regress_priv_user1
94 DROP OWNED BY regress_priv_user2;
95 DROP ROLE regress_priv_user2; -- ok now, DROP OWNED does the job
96 -- test that removing granted role or grantee role removes dependency
97 GRANT regress_priv_user1 TO regress_priv_user3 WITH ADMIN OPTION;
98 GRANT regress_priv_user1 TO regress_priv_user4 GRANTED BY regress_priv_user3;
99 DROP ROLE regress_priv_user3; -- should fail, dependency
100 ERROR: role "regress_priv_user3" cannot be dropped because some objects depend on it
101 DETAIL: privileges for membership of role regress_priv_user4 in role regress_priv_user1
102 DROP ROLE regress_priv_user4; -- ok
103 DROP ROLE regress_priv_user3; -- ok now
104 GRANT regress_priv_user1 TO regress_priv_user5 WITH ADMIN OPTION;
105 GRANT regress_priv_user1 TO regress_priv_user6 GRANTED BY regress_priv_user5;
106 DROP ROLE regress_priv_user5; -- should fail, dependency
107 ERROR: role "regress_priv_user5" cannot be dropped because some objects depend on it
108 DETAIL: privileges for membership of role regress_priv_user6 in role regress_priv_user1
109 DROP ROLE regress_priv_user1, regress_priv_user5; -- ok, despite order
110 -- recreate the roles we just dropped
111 CREATE USER regress_priv_user1;
112 CREATE USER regress_priv_user2;
113 CREATE USER regress_priv_user3;
114 CREATE USER regress_priv_user4;
115 CREATE USER regress_priv_user5;
116 GRANT pg_read_all_data TO regress_priv_user6;
117 GRANT pg_write_all_data TO regress_priv_user7;
118 GRANT pg_read_all_settings TO regress_priv_user8 WITH ADMIN OPTION;
119 GRANT regress_priv_user9 TO regress_priv_user8;
120 SET SESSION AUTHORIZATION regress_priv_user8;
121 GRANT pg_read_all_settings TO regress_priv_user9 WITH ADMIN OPTION;
122 SET SESSION AUTHORIZATION regress_priv_user9;
123 GRANT pg_read_all_settings TO regress_priv_user10;
124 SET SESSION AUTHORIZATION regress_priv_user8;
125 REVOKE pg_read_all_settings FROM regress_priv_user10 GRANTED BY regress_priv_user9;
126 REVOKE ADMIN OPTION FOR pg_read_all_settings FROM regress_priv_user9;
127 REVOKE pg_read_all_settings FROM regress_priv_user9;
128 RESET SESSION AUTHORIZATION;
129 REVOKE regress_priv_user9 FROM regress_priv_user8;
130 REVOKE ADMIN OPTION FOR pg_read_all_settings FROM regress_priv_user8;
131 SET SESSION AUTHORIZATION regress_priv_user8;
132 SET ROLE pg_read_all_settings;
133 RESET ROLE;
134 RESET SESSION AUTHORIZATION;
135 REVOKE SET OPTION FOR pg_read_all_settings FROM regress_priv_user8;
136 GRANT pg_read_all_stats TO regress_priv_user8 WITH SET FALSE;
137 SET SESSION AUTHORIZATION regress_priv_user8;
138 SET ROLE pg_read_all_settings; -- fail, no SET option any more
139 ERROR: permission denied to set role "pg_read_all_settings"
140 SET ROLE pg_read_all_stats; -- fail, granted without SET option
141 ERROR: permission denied to set role "pg_read_all_stats"
142 RESET ROLE;
143 RESET SESSION AUTHORIZATION;
144 REVOKE pg_read_all_settings FROM regress_priv_user8;
145 DROP USER regress_priv_user10;
146 DROP USER regress_priv_user9;
147 DROP USER regress_priv_user8;
148 CREATE GROUP regress_priv_group1;
149 CREATE GROUP regress_priv_group2 WITH ADMIN regress_priv_user1 USER regress_priv_user2;
150 ALTER GROUP regress_priv_group1 ADD USER regress_priv_user4;
151 GRANT regress_priv_group2 TO regress_priv_user2 GRANTED BY regress_priv_user1;
152 SET SESSION AUTHORIZATION regress_priv_user1;
153 ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2;
154 NOTICE: role "regress_priv_user2" has already been granted membership in role "regress_priv_group2" by role "regress_priv_user1"
155 ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2; -- duplicate
156 NOTICE: role "regress_priv_user2" has already been granted membership in role "regress_priv_group2" by role "regress_priv_user1"
157 ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2;
158 ALTER USER regress_priv_user2 PASSWORD 'verysecret'; -- not permitted
159 ERROR: permission denied to alter role
160 DETAIL: To change another role's password, the current user must have the CREATEROLE attribute and the ADMIN option on the role.
161 RESET SESSION AUTHORIZATION;
162 ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2;
163 REVOKE ADMIN OPTION FOR regress_priv_group2 FROM regress_priv_user1;
164 GRANT regress_priv_group2 TO regress_priv_user4 WITH ADMIN OPTION;
165 -- prepare non-leakproof function for later
166 CREATE FUNCTION leak(integer,integer) RETURNS boolean
167 AS 'int4lt'
168 LANGUAGE internal IMMUTABLE STRICT; -- but deliberately not LEAKPROOF
169 ALTER FUNCTION leak(integer,integer) OWNER TO regress_priv_user1;
170 -- test owner privileges
171 GRANT regress_priv_role TO regress_priv_user1 WITH ADMIN OPTION GRANTED BY regress_priv_role; -- error, doesn't have ADMIN OPTION
172 ERROR: permission denied to grant privileges as role "regress_priv_role"
173 DETAIL: The grantor must have the ADMIN option on role "regress_priv_role".
174 GRANT regress_priv_role TO regress_priv_user1 WITH ADMIN OPTION GRANTED BY CURRENT_ROLE;
175 REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY foo; -- error
176 ERROR: role "foo" does not exist
177 REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY regress_priv_user2; -- warning, noop
178 WARNING: role "regress_priv_user1" has not been granted membership in role "regress_priv_role" by role "regress_priv_user2"
179 REVOKE ADMIN OPTION FOR regress_priv_role FROM regress_priv_user1 GRANTED BY CURRENT_USER;
180 REVOKE regress_priv_role FROM regress_priv_user1 GRANTED BY CURRENT_ROLE;
181 DROP ROLE regress_priv_role;
182 SET SESSION AUTHORIZATION regress_priv_user1;
183 SELECT session_user, current_user;
184 session_user | current_user
185 --------------------+--------------------
186 regress_priv_user1 | regress_priv_user1
187 (1 row)
189 CREATE TABLE atest1 ( a int, b text );
190 SELECT * FROM atest1;
191 a | b
192 ---+---
193 (0 rows)
195 INSERT INTO atest1 VALUES (1, 'one');
196 DELETE FROM atest1;
197 UPDATE atest1 SET a = 1 WHERE b = 'blech';
198 TRUNCATE atest1;
199 BEGIN;
200 LOCK atest1 IN ACCESS EXCLUSIVE MODE;
201 COMMIT;
202 REVOKE ALL ON atest1 FROM PUBLIC;
203 SELECT * FROM atest1;
204 a | b
205 ---+---
206 (0 rows)
208 GRANT ALL ON atest1 TO regress_priv_user2;
209 GRANT SELECT ON atest1 TO regress_priv_user3, regress_priv_user4;
210 SELECT * FROM atest1;
211 a | b
212 ---+---
213 (0 rows)
215 CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
216 SELECT pg_get_acl('pg_class'::regclass, 'atest2'::regclass::oid, 0);
217 pg_get_acl
218 ------------
220 (1 row)
222 GRANT SELECT ON atest2 TO regress_priv_user2;
223 GRANT UPDATE ON atest2 TO regress_priv_user3;
224 GRANT INSERT ON atest2 TO regress_priv_user4 GRANTED BY CURRENT_USER;
225 GRANT TRUNCATE ON atest2 TO regress_priv_user5 GRANTED BY CURRENT_ROLE;
226 SELECT unnest(pg_get_acl('pg_class'::regclass, 'atest2'::regclass::oid, 0));
227 unnest
228 ------------------------------------------------
229 regress_priv_user1=arwdDxtm/regress_priv_user1
230 regress_priv_user2=r/regress_priv_user1
231 regress_priv_user3=w/regress_priv_user1
232 regress_priv_user4=a/regress_priv_user1
233 regress_priv_user5=D/regress_priv_user1
234 (5 rows)
236 -- Invalid inputs
237 SELECT pg_get_acl('pg_class'::regclass, 0, 0); -- null
238 pg_get_acl
239 ------------
241 (1 row)
243 SELECT pg_get_acl(0, 0, 0); -- null
244 pg_get_acl
245 ------------
247 (1 row)
249 GRANT TRUNCATE ON atest2 TO regress_priv_user4 GRANTED BY regress_priv_user5; -- error
250 ERROR: grantor must be current user
251 SET SESSION AUTHORIZATION regress_priv_user2;
252 SELECT session_user, current_user;
253 session_user | current_user
254 --------------------+--------------------
255 regress_priv_user2 | regress_priv_user2
256 (1 row)
258 -- try various combinations of queries on atest1 and atest2
259 SELECT * FROM atest1; -- ok
260 a | b
261 ---+---
262 (0 rows)
264 SELECT * FROM atest2; -- ok
265 col1 | col2
266 ------+------
267 (0 rows)
269 INSERT INTO atest1 VALUES (2, 'two'); -- ok
270 INSERT INTO atest2 VALUES ('foo', true); -- fail
271 ERROR: permission denied for table atest2
272 INSERT INTO atest1 SELECT 1, b FROM atest1; -- ok
273 UPDATE atest1 SET a = 1 WHERE a = 2; -- ok
274 UPDATE atest2 SET col2 = NOT col2; -- fail
275 ERROR: permission denied for table atest2
276 SELECT * FROM atest1 FOR UPDATE; -- ok
277 a | b
278 ---+-----
279 1 | two
280 1 | two
281 (2 rows)
283 SELECT * FROM atest2 FOR UPDATE; -- fail
284 ERROR: permission denied for table atest2
285 DELETE FROM atest2; -- fail
286 ERROR: permission denied for table atest2
287 TRUNCATE atest2; -- fail
288 ERROR: permission denied for table atest2
289 BEGIN;
290 LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- fail
291 ERROR: permission denied for table atest2
292 COMMIT;
293 COPY atest2 FROM stdin; -- fail
294 ERROR: permission denied for table atest2
295 GRANT ALL ON atest1 TO PUBLIC; -- fail
296 WARNING: no privileges were granted for "atest1"
297 -- checks in subquery, both ok
298 SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
299 a | b
300 ---+---
301 (0 rows)
303 SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
304 col1 | col2
305 ------+------
306 (0 rows)
308 SET SESSION AUTHORIZATION regress_priv_user6;
309 SELECT * FROM atest1; -- ok
310 a | b
311 ---+-----
312 1 | two
313 1 | two
314 (2 rows)
316 SELECT * FROM atest2; -- ok
317 col1 | col2
318 ------+------
319 (0 rows)
321 INSERT INTO atest2 VALUES ('foo', true); -- fail
322 ERROR: permission denied for table atest2
323 SET SESSION AUTHORIZATION regress_priv_user7;
324 SELECT * FROM atest1; -- fail
325 ERROR: permission denied for table atest1
326 SELECT * FROM atest2; -- fail
327 ERROR: permission denied for table atest2
328 INSERT INTO atest2 VALUES ('foo', true); -- ok
329 UPDATE atest2 SET col2 = true; -- ok
330 DELETE FROM atest2; -- ok
331 -- Make sure we are not able to modify system catalogs
332 UPDATE pg_catalog.pg_class SET relname = '123'; -- fail
333 ERROR: permission denied for table pg_class
334 DELETE FROM pg_catalog.pg_class; -- fail
335 ERROR: permission denied for table pg_class
336 UPDATE pg_toast.pg_toast_1213 SET chunk_id = 1; -- fail
337 ERROR: permission denied for table pg_toast_1213
338 SET SESSION AUTHORIZATION regress_priv_user3;
339 SELECT session_user, current_user;
340 session_user | current_user
341 --------------------+--------------------
342 regress_priv_user3 | regress_priv_user3
343 (1 row)
345 SELECT * FROM atest1; -- ok
346 a | b
347 ---+-----
348 1 | two
349 1 | two
350 (2 rows)
352 SELECT * FROM atest2; -- fail
353 ERROR: permission denied for table atest2
354 INSERT INTO atest1 VALUES (2, 'two'); -- fail
355 ERROR: permission denied for table atest1
356 INSERT INTO atest2 VALUES ('foo', true); -- fail
357 ERROR: permission denied for table atest2
358 INSERT INTO atest1 SELECT 1, b FROM atest1; -- fail
359 ERROR: permission denied for table atest1
360 UPDATE atest1 SET a = 1 WHERE a = 2; -- fail
361 ERROR: permission denied for table atest1
362 UPDATE atest2 SET col2 = NULL; -- ok
363 UPDATE atest2 SET col2 = NOT col2; -- fails; requires SELECT on atest2
364 ERROR: permission denied for table atest2
365 UPDATE atest2 SET col2 = true FROM atest1 WHERE atest1.a = 5; -- ok
366 SELECT * FROM atest1 FOR UPDATE; -- fail
367 ERROR: permission denied for table atest1
368 SELECT * FROM atest2 FOR UPDATE; -- fail
369 ERROR: permission denied for table atest2
370 DELETE FROM atest2; -- fail
371 ERROR: permission denied for table atest2
372 TRUNCATE atest2; -- fail
373 ERROR: permission denied for table atest2
374 BEGIN;
375 LOCK atest2 IN ACCESS EXCLUSIVE MODE; -- ok
376 COMMIT;
377 COPY atest2 FROM stdin; -- fail
378 ERROR: permission denied for table atest2
379 -- checks in subquery, both fail
380 SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
381 ERROR: permission denied for table atest2
382 SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
383 ERROR: permission denied for table atest2
384 SET SESSION AUTHORIZATION regress_priv_user4;
385 COPY atest2 FROM stdin; -- ok
386 SELECT * FROM atest1; -- ok
387 a | b
388 ---+-----
389 1 | two
390 1 | two
391 (2 rows)
393 -- test leaky-function protections in selfuncs
394 -- regress_priv_user1 will own a table and provide views for it.
395 SET SESSION AUTHORIZATION regress_priv_user1;
396 CREATE TABLE atest12 as
397 SELECT x AS a, 10001 - x AS b FROM generate_series(1,10000) x;
398 CREATE INDEX ON atest12 (a);
399 CREATE INDEX ON atest12 (abs(a));
400 -- results below depend on having quite accurate stats for atest12, so...
401 ALTER TABLE atest12 SET (autovacuum_enabled = off);
402 SET default_statistics_target = 10000;
403 VACUUM ANALYZE atest12;
404 RESET default_statistics_target;
405 CREATE OPERATOR <<< (procedure = leak, leftarg = integer, rightarg = integer,
406 restrict = scalarltsel);
407 -- views with leaky operator
408 CREATE VIEW atest12v AS
409 SELECT * FROM atest12 WHERE b <<< 5;
410 CREATE VIEW atest12sbv WITH (security_barrier=true) AS
411 SELECT * FROM atest12 WHERE b <<< 5;
412 GRANT SELECT ON atest12v TO PUBLIC;
413 GRANT SELECT ON atest12sbv TO PUBLIC;
414 -- This plan should use nestloop, knowing that few rows will be selected.
415 EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
416 QUERY PLAN
417 -------------------------------------------------
418 Nested Loop
419 -> Seq Scan on atest12 atest12_1
420 Filter: (b <<< 5)
421 -> Index Scan using atest12_a_idx on atest12
422 Index Cond: (a = atest12_1.b)
423 Filter: (b <<< 5)
424 (6 rows)
426 -- And this one.
427 EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
428 WHERE x.a = y.b and abs(y.a) <<< 5;
429 QUERY PLAN
430 ---------------------------------------------------
431 Nested Loop
432 -> Seq Scan on atest12 y
433 Filter: (abs(a) <<< 5)
434 -> Index Scan using atest12_a_idx on atest12 x
435 Index Cond: (a = y.b)
436 (5 rows)
438 -- This should also be a nestloop, but the security barrier forces the inner
439 -- scan to be materialized
440 EXPLAIN (COSTS OFF) SELECT * FROM atest12sbv x, atest12sbv y WHERE x.a = y.b;
441 QUERY PLAN
442 -------------------------------------------
443 Nested Loop
444 Join Filter: (atest12.a = atest12_1.b)
445 -> Seq Scan on atest12
446 Filter: (b <<< 5)
447 -> Materialize
448 -> Seq Scan on atest12 atest12_1
449 Filter: (b <<< 5)
450 (7 rows)
452 -- Check if regress_priv_user2 can break security.
453 SET SESSION AUTHORIZATION regress_priv_user2;
454 CREATE FUNCTION leak2(integer,integer) RETURNS boolean
455 AS $$begin raise notice 'leak % %', $1, $2; return $1 > $2; end$$
456 LANGUAGE plpgsql immutable;
457 CREATE OPERATOR >>> (procedure = leak2, leftarg = integer, rightarg = integer,
458 restrict = scalargtsel);
459 -- This should not show any "leak" notices before failing.
460 EXPLAIN (COSTS OFF) SELECT * FROM atest12 WHERE a >>> 0;
461 ERROR: permission denied for table atest12
462 -- These plans should continue to use a nestloop, since they execute with the
463 -- privileges of the view owner.
464 EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
465 QUERY PLAN
466 -------------------------------------------------
467 Nested Loop
468 -> Seq Scan on atest12 atest12_1
469 Filter: (b <<< 5)
470 -> Index Scan using atest12_a_idx on atest12
471 Index Cond: (a = atest12_1.b)
472 Filter: (b <<< 5)
473 (6 rows)
475 EXPLAIN (COSTS OFF) SELECT * FROM atest12sbv x, atest12sbv y WHERE x.a = y.b;
476 QUERY PLAN
477 -------------------------------------------
478 Nested Loop
479 Join Filter: (atest12.a = atest12_1.b)
480 -> Seq Scan on atest12
481 Filter: (b <<< 5)
482 -> Materialize
483 -> Seq Scan on atest12 atest12_1
484 Filter: (b <<< 5)
485 (7 rows)
487 -- A non-security barrier view does not guard against information leakage.
488 EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y
489 WHERE x.a = y.b and abs(y.a) <<< 5;
490 QUERY PLAN
491 -------------------------------------------------
492 Nested Loop
493 -> Seq Scan on atest12 atest12_1
494 Filter: ((b <<< 5) AND (abs(a) <<< 5))
495 -> Index Scan using atest12_a_idx on atest12
496 Index Cond: (a = atest12_1.b)
497 Filter: (b <<< 5)
498 (6 rows)
500 -- But a security barrier view isolates the leaky operator.
501 EXPLAIN (COSTS OFF) SELECT * FROM atest12sbv x, atest12sbv y
502 WHERE x.a = y.b and abs(y.a) <<< 5;
503 QUERY PLAN
504 -------------------------------------
505 Nested Loop
506 Join Filter: (atest12_1.a = y.b)
507 -> Subquery Scan on y
508 Filter: (abs(y.a) <<< 5)
509 -> Seq Scan on atest12
510 Filter: (b <<< 5)
511 -> Seq Scan on atest12 atest12_1
512 Filter: (b <<< 5)
513 (8 rows)
515 -- Now regress_priv_user1 grants sufficient access to regress_priv_user2.
516 SET SESSION AUTHORIZATION regress_priv_user1;
517 GRANT SELECT (a, b) ON atest12 TO PUBLIC;
518 SET SESSION AUTHORIZATION regress_priv_user2;
519 -- regress_priv_user2 should continue to get a good row estimate.
520 EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
521 QUERY PLAN
522 -------------------------------------------------
523 Nested Loop
524 -> Seq Scan on atest12 atest12_1
525 Filter: (b <<< 5)
526 -> Index Scan using atest12_a_idx on atest12
527 Index Cond: (a = atest12_1.b)
528 Filter: (b <<< 5)
529 (6 rows)
531 -- But not for this, due to lack of table-wide permissions needed
532 -- to make use of the expression index's statistics.
533 EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
534 WHERE x.a = y.b and abs(y.a) <<< 5;
535 QUERY PLAN
536 --------------------------------------
537 Hash Join
538 Hash Cond: (x.a = y.b)
539 -> Seq Scan on atest12 x
540 -> Hash
541 -> Seq Scan on atest12 y
542 Filter: (abs(a) <<< 5)
543 (6 rows)
545 -- clean up (regress_priv_user1's objects are all dropped later)
546 DROP FUNCTION leak2(integer, integer) CASCADE;
547 NOTICE: drop cascades to operator >>>(integer,integer)
548 -- groups
549 SET SESSION AUTHORIZATION regress_priv_user3;
550 CREATE TABLE atest3 (one int, two int, three int);
551 GRANT DELETE ON atest3 TO GROUP regress_priv_group2;
552 SET SESSION AUTHORIZATION regress_priv_user1;
553 SELECT * FROM atest3; -- fail
554 ERROR: permission denied for table atest3
555 DELETE FROM atest3; -- ok
556 BEGIN;
557 RESET SESSION AUTHORIZATION;
558 ALTER ROLE regress_priv_user1 NOINHERIT;
559 SET SESSION AUTHORIZATION regress_priv_user1;
560 SAVEPOINT s1;
561 DELETE FROM atest3; -- ok because grant-level option is unchanged
562 ROLLBACK TO s1;
563 RESET SESSION AUTHORIZATION;
564 GRANT regress_priv_group2 TO regress_priv_user1 WITH INHERIT FALSE;
565 SET SESSION AUTHORIZATION regress_priv_user1;
566 DELETE FROM atest3; -- fail
567 ERROR: permission denied for table atest3
568 ROLLBACK TO s1;
569 RESET SESSION AUTHORIZATION;
570 REVOKE INHERIT OPTION FOR regress_priv_group2 FROM regress_priv_user1;
571 SET SESSION AUTHORIZATION regress_priv_user1;
572 DELETE FROM atest3; -- also fail
573 ERROR: permission denied for table atest3
574 ROLLBACK;
575 -- views
576 SET SESSION AUTHORIZATION regress_priv_user3;
577 CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
578 /* The next *should* fail, but it's not implemented that way yet. */
579 CREATE VIEW atestv2 AS SELECT * FROM atest2;
580 CREATE VIEW atestv3 AS SELECT * FROM atest3; -- ok
581 /* Empty view is a corner case that failed in 9.2. */
582 CREATE VIEW atestv0 AS SELECT 0 as x WHERE false; -- ok
583 SELECT * FROM atestv1; -- ok
584 a | b
585 ---+-----
586 1 | two
587 1 | two
588 (2 rows)
590 SELECT * FROM atestv2; -- fail
591 ERROR: permission denied for table atest2
592 GRANT SELECT ON atestv1, atestv3 TO regress_priv_user4;
593 GRANT SELECT ON atestv2 TO regress_priv_user2;
594 SET SESSION AUTHORIZATION regress_priv_user4;
595 SELECT * FROM atestv1; -- ok
596 a | b
597 ---+-----
598 1 | two
599 1 | two
600 (2 rows)
602 SELECT * FROM atestv2; -- fail
603 ERROR: permission denied for view atestv2
604 SELECT * FROM atestv3; -- ok
605 one | two | three
606 -----+-----+-------
607 (0 rows)
609 SELECT * FROM atestv0; -- fail
610 ERROR: permission denied for view atestv0
611 -- Appendrels excluded by constraints failed to check permissions in 8.4-9.2.
612 select * from
613 ((select a.q1 as x from int8_tbl a offset 0)
614 union all
615 (select b.q2 as x from int8_tbl b offset 0)) ss
616 where false;
617 ERROR: permission denied for table int8_tbl
618 set constraint_exclusion = on;
619 select * from
620 ((select a.q1 as x, random() from int8_tbl a where q1 > 0)
621 union all
622 (select b.q2 as x, random() from int8_tbl b where q2 > 0)) ss
623 where x < 0;
624 ERROR: permission denied for table int8_tbl
625 reset constraint_exclusion;
626 CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view
627 SELECT * FROM atestv4; -- ok
628 one | two | three
629 -----+-----+-------
630 (0 rows)
632 GRANT SELECT ON atestv4 TO regress_priv_user2;
633 SET SESSION AUTHORIZATION regress_priv_user2;
634 -- Two complex cases:
635 SELECT * FROM atestv3; -- fail
636 ERROR: permission denied for view atestv3
637 SELECT * FROM atestv4; -- ok (even though regress_priv_user2 cannot access underlying atestv3)
638 one | two | three
639 -----+-----+-------
640 (0 rows)
642 SELECT * FROM atest2; -- ok
643 col1 | col2
644 ------+------
645 bar | t
646 (1 row)
648 SELECT * FROM atestv2; -- fail (even though regress_priv_user2 can access underlying atest2)
649 ERROR: permission denied for table atest2
650 -- Test column level permissions
651 SET SESSION AUTHORIZATION regress_priv_user1;
652 CREATE TABLE atest5 (one int, two int unique, three int, four int unique);
653 CREATE TABLE atest6 (one int, two int, blue int);
654 GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user4;
655 GRANT ALL (one) ON atest5 TO regress_priv_user3;
656 SELECT unnest(pg_get_acl('pg_class'::regclass, 'atest5'::regclass::oid, 1));
657 unnest
658 --------------------------------------------
659 regress_priv_user4=r/regress_priv_user1
660 regress_priv_user3=arwx/regress_priv_user1
661 (2 rows)
663 SELECT unnest(pg_get_acl('pg_class'::regclass, 'atest5'::regclass::oid, 2));
664 unnest
665 -----------------------------------------
666 regress_priv_user4=a/regress_priv_user1
667 (1 row)
669 SELECT unnest(pg_get_acl('pg_class'::regclass, 'atest5'::regclass::oid, 3));
670 unnest
671 -----------------------------------------
672 regress_priv_user4=w/regress_priv_user1
673 (1 row)
675 SELECT unnest(pg_get_acl('pg_class'::regclass, 'atest5'::regclass::oid, 4));
676 unnest
677 --------
678 (0 rows)
680 INSERT INTO atest5 VALUES (1,2,3);
681 SET SESSION AUTHORIZATION regress_priv_user4;
682 SELECT * FROM atest5; -- fail
683 ERROR: permission denied for table atest5
684 SELECT one FROM atest5; -- ok
685 one
686 -----
687 1
688 (1 row)
690 COPY atest5 (one) TO stdout; -- ok
691 1
692 SELECT two FROM atest5; -- fail
693 ERROR: permission denied for table atest5
694 COPY atest5 (two) TO stdout; -- fail
695 ERROR: permission denied for table atest5
696 SELECT atest5 FROM atest5; -- fail
697 ERROR: permission denied for table atest5
698 COPY atest5 (one,two) TO stdout; -- fail
699 ERROR: permission denied for table atest5
700 SELECT 1 FROM atest5; -- ok
701 ?column?
702 ----------
703 1
704 (1 row)
706 SELECT 1 FROM atest5 a JOIN atest5 b USING (one); -- ok
707 ?column?
708 ----------
709 1
710 (1 row)
712 SELECT 1 FROM atest5 a JOIN atest5 b USING (two); -- fail
713 ERROR: permission denied for table atest5
714 SELECT 1 FROM atest5 a NATURAL JOIN atest5 b; -- fail
715 ERROR: permission denied for table atest5
716 SELECT * FROM (atest5 a JOIN atest5 b USING (one)) j; -- fail
717 ERROR: permission denied for table atest5
718 SELECT j.* FROM (atest5 a JOIN atest5 b USING (one)) j; -- fail
719 ERROR: permission denied for table atest5
720 SELECT (j.*) IS NULL FROM (atest5 a JOIN atest5 b USING (one)) j; -- fail
721 ERROR: permission denied for table atest5
722 SELECT one FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)) j; -- ok
723 one
724 -----
725 1
726 (1 row)
728 SELECT j.one FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)) j; -- ok
729 one
730 -----
731 1
732 (1 row)
734 SELECT two FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)) j; -- fail
735 ERROR: permission denied for table atest5
736 SELECT j.two FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)) j; -- fail
737 ERROR: permission denied for table atest5
738 SELECT y FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)) j; -- fail
739 ERROR: permission denied for table atest5
740 SELECT j.y FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)) j; -- fail
741 ERROR: permission denied for table atest5
742 SELECT * FROM (atest5 a JOIN atest5 b USING (one)); -- fail
743 ERROR: permission denied for table atest5
744 SELECT a.* FROM (atest5 a JOIN atest5 b USING (one)); -- fail
745 ERROR: permission denied for table atest5
746 SELECT (a.*) IS NULL FROM (atest5 a JOIN atest5 b USING (one)); -- fail
747 ERROR: permission denied for table atest5
748 SELECT two FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)); -- fail
749 ERROR: permission denied for table atest5
750 SELECT a.two FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)); -- fail
751 ERROR: permission denied for table atest5
752 SELECT y FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)); -- fail
753 ERROR: permission denied for table atest5
754 SELECT b.y FROM (atest5 a JOIN atest5 b(one,x,y,z) USING (one)); -- fail
755 ERROR: permission denied for table atest5
756 SELECT y FROM (atest5 a LEFT JOIN atest5 b(one,x,y,z) USING (one)); -- fail
757 ERROR: permission denied for table atest5
758 SELECT b.y FROM (atest5 a LEFT JOIN atest5 b(one,x,y,z) USING (one)); -- fail
759 ERROR: permission denied for table atest5
760 SELECT y FROM (atest5 a FULL JOIN atest5 b(one,x,y,z) USING (one)); -- fail
761 ERROR: permission denied for table atest5
762 SELECT b.y FROM (atest5 a FULL JOIN atest5 b(one,x,y,z) USING (one)); -- fail
763 ERROR: permission denied for table atest5
764 SELECT 1 FROM atest5 WHERE two = 2; -- fail
765 ERROR: permission denied for table atest5
766 SELECT * FROM atest1, atest5; -- fail
767 ERROR: permission denied for table atest5
768 SELECT atest1.* FROM atest1, atest5; -- ok
769 a | b
770 ---+-----
771 1 | two
772 1 | two
773 (2 rows)
775 SELECT atest1.*,atest5.one FROM atest1, atest5; -- ok
776 a | b | one
777 ---+-----+-----
778 1 | two | 1
779 1 | two | 1
780 (2 rows)
782 SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.two); -- fail
783 ERROR: permission denied for table atest5
784 SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok
785 a | b | one
786 ---+-----+-----
787 1 | two | 1
788 1 | two | 1
789 (2 rows)
791 SELECT one, two FROM atest5; -- fail
792 ERROR: permission denied for table atest5
793 SET SESSION AUTHORIZATION regress_priv_user1;
794 GRANT SELECT (one,two) ON atest6 TO regress_priv_user4;
795 SET SESSION AUTHORIZATION regress_priv_user4;
796 SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
797 ERROR: permission denied for table atest5
798 SET SESSION AUTHORIZATION regress_priv_user1;
799 GRANT SELECT (two) ON atest5 TO regress_priv_user4;
800 SET SESSION AUTHORIZATION regress_priv_user4;
801 SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
802 one | two
803 -----+-----
804 (0 rows)
806 -- test column-level privileges for INSERT and UPDATE
807 INSERT INTO atest5 (two) VALUES (3); -- ok
808 COPY atest5 FROM stdin; -- fail
809 ERROR: permission denied for table atest5
810 COPY atest5 (two) FROM stdin; -- ok
811 INSERT INTO atest5 (three) VALUES (4); -- fail
812 ERROR: permission denied for table atest5
813 INSERT INTO atest5 VALUES (5,5,5); -- fail
814 ERROR: permission denied for table atest5
815 UPDATE atest5 SET three = 10; -- ok
816 UPDATE atest5 SET one = 8; -- fail
817 ERROR: permission denied for table atest5
818 UPDATE atest5 SET three = 5, one = 2; -- fail
819 ERROR: permission denied for table atest5
820 -- Check that column level privs are enforced in RETURNING
821 -- Ok.
822 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10;
823 -- Error. No SELECT on column three.
824 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RETURNING atest5.three;
825 ERROR: permission denied for table atest5
826 -- Ok. May SELECT on column "one":
827 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = 10 RETURNING atest5.one;
828 one
829 -----
831 (1 row)
833 -- Check that column level privileges are enforced for EXCLUDED
834 -- Ok. we may select one
835 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = EXCLUDED.one;
836 -- Error. No select rights on three
837 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set three = EXCLUDED.three;
838 ERROR: permission denied for table atest5
839 INSERT INTO atest5(two) VALUES (6) ON CONFLICT (two) DO UPDATE set one = 8; -- fails (due to UPDATE)
840 ERROR: permission denied for table atest5
841 INSERT INTO atest5(three) VALUES (4) ON CONFLICT (two) DO UPDATE set three = 10; -- fails (due to INSERT)
842 ERROR: permission denied for table atest5
843 -- Check that the columns in the inference require select privileges
844 INSERT INTO atest5(four) VALUES (4); -- fail
845 ERROR: permission denied for table atest5
846 SET SESSION AUTHORIZATION regress_priv_user1;
847 GRANT INSERT (four) ON atest5 TO regress_priv_user4;
848 SET SESSION AUTHORIZATION regress_priv_user4;
849 INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT)
850 ERROR: permission denied for table atest5
851 INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT)
852 ERROR: permission denied for table atest5
853 INSERT INTO atest5(four) VALUES (4); -- ok
854 SET SESSION AUTHORIZATION regress_priv_user1;
855 GRANT SELECT (four) ON atest5 TO regress_priv_user4;
856 SET SESSION AUTHORIZATION regress_priv_user4;
857 INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- ok
858 INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- ok
859 SET SESSION AUTHORIZATION regress_priv_user1;
860 REVOKE ALL (one) ON atest5 FROM regress_priv_user4;
861 GRANT SELECT (one,two,blue) ON atest6 TO regress_priv_user4;
862 SET SESSION AUTHORIZATION regress_priv_user4;
863 SELECT one FROM atest5; -- fail
864 ERROR: permission denied for table atest5
865 UPDATE atest5 SET one = 1; -- fail
866 ERROR: permission denied for table atest5
867 SELECT atest6 FROM atest6; -- ok
868 atest6
869 --------
870 (0 rows)
872 COPY atest6 TO stdout; -- ok
873 -- test column privileges with MERGE
874 SET SESSION AUTHORIZATION regress_priv_user1;
875 CREATE TABLE mtarget (a int, b text);
876 CREATE TABLE msource (a int, b text);
877 INSERT INTO mtarget VALUES (1, 'init1'), (2, 'init2');
878 INSERT INTO msource VALUES (1, 'source1'), (2, 'source2'), (3, 'source3');
879 GRANT SELECT (a) ON msource TO regress_priv_user4;
880 GRANT SELECT (a) ON mtarget TO regress_priv_user4;
881 GRANT INSERT (a,b) ON mtarget TO regress_priv_user4;
882 GRANT UPDATE (b) ON mtarget TO regress_priv_user4;
883 SET SESSION AUTHORIZATION regress_priv_user4;
884 --
885 -- test source privileges
886 --
887 -- fail (no SELECT priv on s.b)
888 MERGE INTO mtarget t USING msource s ON t.a = s.a
889 WHEN MATCHED THEN
890 UPDATE SET b = s.b
891 WHEN NOT MATCHED THEN
892 INSERT VALUES (a, NULL);
893 ERROR: permission denied for table msource
894 -- fail (s.b used in the INSERTed values)
895 MERGE INTO mtarget t USING msource s ON t.a = s.a
896 WHEN MATCHED THEN
897 UPDATE SET b = 'x'
898 WHEN NOT MATCHED THEN
899 INSERT VALUES (a, b);
900 ERROR: permission denied for table msource
901 -- fail (s.b used in the WHEN quals)
902 MERGE INTO mtarget t USING msource s ON t.a = s.a
903 WHEN MATCHED AND s.b = 'x' THEN
904 UPDATE SET b = 'x'
905 WHEN NOT MATCHED THEN
906 INSERT VALUES (a, NULL);
907 ERROR: permission denied for table msource
908 -- this should be ok since only s.a is accessed
909 BEGIN;
910 MERGE INTO mtarget t USING msource s ON t.a = s.a
911 WHEN MATCHED THEN
912 UPDATE SET b = 'ok'
913 WHEN NOT MATCHED THEN
914 INSERT VALUES (a, NULL);
915 ROLLBACK;
916 SET SESSION AUTHORIZATION regress_priv_user1;
917 GRANT SELECT (b) ON msource TO regress_priv_user4;
918 SET SESSION AUTHORIZATION regress_priv_user4;
919 -- should now be ok
920 BEGIN;
921 MERGE INTO mtarget t USING msource s ON t.a = s.a
922 WHEN MATCHED THEN
923 UPDATE SET b = s.b
924 WHEN NOT MATCHED THEN
925 INSERT VALUES (a, b);
926 ROLLBACK;
927 --
928 -- test target privileges
929 --
930 -- fail (no SELECT priv on t.b)
931 MERGE INTO mtarget t USING msource s ON t.a = s.a
932 WHEN MATCHED THEN
933 UPDATE SET b = t.b
934 WHEN NOT MATCHED THEN
935 INSERT VALUES (a, NULL);
936 ERROR: permission denied for table mtarget
937 -- fail (no UPDATE on t.a)
938 MERGE INTO mtarget t USING msource s ON t.a = s.a
939 WHEN MATCHED THEN
940 UPDATE SET b = s.b, a = t.a + 1
941 WHEN NOT MATCHED THEN
942 INSERT VALUES (a, b);
943 ERROR: permission denied for table mtarget
944 -- fail (no SELECT on t.b)
945 MERGE INTO mtarget t USING msource s ON t.a = s.a
946 WHEN MATCHED AND t.b IS NOT NULL THEN
947 UPDATE SET b = s.b
948 WHEN NOT MATCHED THEN
949 INSERT VALUES (a, b);
950 ERROR: permission denied for table mtarget
951 -- ok
952 BEGIN;
953 MERGE INTO mtarget t USING msource s ON t.a = s.a
954 WHEN MATCHED THEN
955 UPDATE SET b = s.b;
956 ROLLBACK;
957 -- fail (no DELETE)
958 MERGE INTO mtarget t USING msource s ON t.a = s.a
959 WHEN MATCHED AND t.b IS NOT NULL THEN
960 DELETE;
961 ERROR: permission denied for table mtarget
962 -- grant delete privileges
963 SET SESSION AUTHORIZATION regress_priv_user1;
964 GRANT DELETE ON mtarget TO regress_priv_user4;
965 -- should be ok now
966 BEGIN;
967 MERGE INTO mtarget t USING msource s ON t.a = s.a
968 WHEN MATCHED AND t.b IS NOT NULL THEN
969 DELETE;
970 ROLLBACK;
971 -- check error reporting with column privs
972 SET SESSION AUTHORIZATION regress_priv_user1;
973 CREATE TABLE t1 (c1 int, c2 int, c3 int check (c3 < 5), primary key (c1, c2));
974 GRANT SELECT (c1) ON t1 TO regress_priv_user2;
975 GRANT INSERT (c1, c2, c3) ON t1 TO regress_priv_user2;
976 GRANT UPDATE (c1, c2, c3) ON t1 TO regress_priv_user2;
977 -- seed data
978 INSERT INTO t1 VALUES (1, 1, 1);
979 INSERT INTO t1 VALUES (1, 2, 1);
980 INSERT INTO t1 VALUES (2, 1, 2);
981 INSERT INTO t1 VALUES (2, 2, 2);
982 INSERT INTO t1 VALUES (3, 1, 3);
983 SET SESSION AUTHORIZATION regress_priv_user2;
984 INSERT INTO t1 (c1, c2) VALUES (1, 1); -- fail, but row not shown
985 ERROR: duplicate key value violates unique constraint "t1_pkey"
986 UPDATE t1 SET c2 = 1; -- fail, but row not shown
987 ERROR: duplicate key value violates unique constraint "t1_pkey"
988 INSERT INTO t1 (c1, c2) VALUES (null, null); -- fail, but see columns being inserted
989 ERROR: null value in column "c1" of relation "t1" violates not-null constraint
990 DETAIL: Failing row contains (c1, c2) = (null, null).
991 INSERT INTO t1 (c3) VALUES (null); -- fail, but see columns being inserted or have SELECT
992 ERROR: null value in column "c1" of relation "t1" violates not-null constraint
993 DETAIL: Failing row contains (c1, c3) = (null, null).
994 INSERT INTO t1 (c1) VALUES (5); -- fail, but see columns being inserted or have SELECT
995 ERROR: null value in column "c2" of relation "t1" violates not-null constraint
996 DETAIL: Failing row contains (c1) = (5).
997 UPDATE t1 SET c3 = 10; -- fail, but see columns with SELECT rights, or being modified
998 ERROR: new row for relation "t1" violates check constraint "t1_c3_check"
999 DETAIL: Failing row contains (c1, c3) = (1, 10).
1000 SET SESSION AUTHORIZATION regress_priv_user1;
1001 DROP TABLE t1;
1002 -- check error reporting with column privs on a partitioned table
1003 CREATE TABLE errtst(a text, b text NOT NULL, c text, secret1 text, secret2 text) PARTITION BY LIST (a);
1004 CREATE TABLE errtst_part_1(secret2 text, c text, a text, b text NOT NULL, secret1 text);
1005 CREATE TABLE errtst_part_2(secret1 text, secret2 text, a text, c text, b text NOT NULL);
1006 ALTER TABLE errtst ATTACH PARTITION errtst_part_1 FOR VALUES IN ('aaa');
1007 ALTER TABLE errtst ATTACH PARTITION errtst_part_2 FOR VALUES IN ('aaaa');
1008 GRANT SELECT (a, b, c) ON TABLE errtst TO regress_priv_user2;
1009 GRANT UPDATE (a, b, c) ON TABLE errtst TO regress_priv_user2;
1010 GRANT INSERT (a, b, c) ON TABLE errtst TO regress_priv_user2;
1011 INSERT INTO errtst_part_1 (a, b, c, secret1, secret2)
1012 VALUES ('aaa', 'bbb', 'ccc', 'the body', 'is in the attic');
1013 SET SESSION AUTHORIZATION regress_priv_user2;
1014 -- Perform a few updates that violate the NOT NULL constraint. Make sure
1015 -- the error messages don't leak the secret fields.
1016 -- simple insert.
1017 INSERT INTO errtst (a, b) VALUES ('aaa', NULL);
1018 ERROR: null value in column "b" of relation "errtst_part_1" violates not-null constraint
1019 DETAIL: Failing row contains (a, b, c) = (aaa, null, null).
1020 -- simple update.
1021 UPDATE errtst SET b = NULL;
1022 ERROR: null value in column "b" of relation "errtst_part_1" violates not-null constraint
1023 DETAIL: Failing row contains (a, b, c) = (aaa, null, ccc).
1024 -- partitioning key is updated, doesn't move the row.
1025 UPDATE errtst SET a = 'aaa', b = NULL;
1026 ERROR: null value in column "b" of relation "errtst_part_1" violates not-null constraint
1027 DETAIL: Failing row contains (a, b, c) = (aaa, null, ccc).
1028 -- row is moved to another partition.
1029 UPDATE errtst SET a = 'aaaa', b = NULL;
1030 ERROR: null value in column "b" of relation "errtst_part_2" violates not-null constraint
1031 DETAIL: Failing row contains (a, b, c) = (aaaa, null, ccc).
1032 -- row is moved to another partition. This differs from the previous case in
1033 -- that the new partition is excluded by constraint exclusion, so its
1034 -- ResultRelInfo is not created at ExecInitModifyTable, but needs to be
1035 -- constructed on the fly when the updated tuple is routed to it.
1036 UPDATE errtst SET a = 'aaaa', b = NULL WHERE a = 'aaa';
1037 ERROR: null value in column "b" of relation "errtst_part_2" violates not-null constraint
1038 DETAIL: Failing row contains (a, b, c) = (aaaa, null, ccc).
1039 SET SESSION AUTHORIZATION regress_priv_user1;
1040 DROP TABLE errtst;
1041 -- test column-level privileges when involved with DELETE
1042 SET SESSION AUTHORIZATION regress_priv_user1;
1043 ALTER TABLE atest6 ADD COLUMN three integer;
1044 GRANT DELETE ON atest5 TO regress_priv_user3;
1045 GRANT SELECT (two) ON atest5 TO regress_priv_user3;
1046 REVOKE ALL (one) ON atest5 FROM regress_priv_user3;
1047 GRANT SELECT (one) ON atest5 TO regress_priv_user4;
1048 SET SESSION AUTHORIZATION regress_priv_user4;
1049 SELECT atest6 FROM atest6; -- fail
1050 ERROR: permission denied for table atest6
1051 SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
1052 ERROR: permission denied for table atest5
1053 SET SESSION AUTHORIZATION regress_priv_user1;
1054 ALTER TABLE atest6 DROP COLUMN three;
1055 SET SESSION AUTHORIZATION regress_priv_user4;
1056 SELECT atest6 FROM atest6; -- ok
1057 atest6
1058 --------
1059 (0 rows)
1061 SELECT one FROM atest5 NATURAL JOIN atest6; -- ok
1062 one
1063 -----
1064 (0 rows)
1066 SET SESSION AUTHORIZATION regress_priv_user1;
1067 ALTER TABLE atest6 DROP COLUMN two;
1068 REVOKE SELECT (one,blue) ON atest6 FROM regress_priv_user4;
1069 SET SESSION AUTHORIZATION regress_priv_user4;
1070 SELECT * FROM atest6; -- fail
1071 ERROR: permission denied for table atest6
1072 SELECT 1 FROM atest6; -- fail
1073 ERROR: permission denied for table atest6
1074 SET SESSION AUTHORIZATION regress_priv_user3;
1075 DELETE FROM atest5 WHERE one = 1; -- fail
1076 ERROR: permission denied for table atest5
1077 DELETE FROM atest5 WHERE two = 2; -- ok
1078 -- check inheritance cases
1079 SET SESSION AUTHORIZATION regress_priv_user1;
1080 CREATE TABLE atestp1 (f1 int, f2 int);
1081 CREATE TABLE atestp2 (fx int, fy int);
1082 CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2);
1083 GRANT SELECT(fx,fy,tableoid) ON atestp2 TO regress_priv_user2;
1084 GRANT SELECT(fx) ON atestc TO regress_priv_user2;
1085 SET SESSION AUTHORIZATION regress_priv_user2;
1086 SELECT fx FROM atestp2; -- ok
1087 fx
1088 ----
1089 (0 rows)
1091 SELECT fy FROM atestp2; -- ok
1092 fy
1093 ----
1094 (0 rows)
1096 SELECT atestp2 FROM atestp2; -- ok
1097 atestp2
1098 ---------
1099 (0 rows)
1101 SELECT tableoid FROM atestp2; -- ok
1102 tableoid
1103 ----------
1104 (0 rows)
1106 SELECT fy FROM atestc; -- fail
1107 ERROR: permission denied for table atestc
1108 SET SESSION AUTHORIZATION regress_priv_user1;
1109 GRANT SELECT(fy,tableoid) ON atestc TO regress_priv_user2;
1110 SET SESSION AUTHORIZATION regress_priv_user2;
1111 SELECT fx FROM atestp2; -- still ok
1112 fx
1113 ----
1114 (0 rows)
1116 SELECT fy FROM atestp2; -- ok
1117 fy
1118 ----
1119 (0 rows)
1121 SELECT atestp2 FROM atestp2; -- ok
1122 atestp2
1123 ---------
1124 (0 rows)
1126 SELECT tableoid FROM atestp2; -- ok
1127 tableoid
1128 ----------
1129 (0 rows)
1131 -- child's permissions do not apply when operating on parent
1132 SET SESSION AUTHORIZATION regress_priv_user1;
1133 REVOKE ALL ON atestc FROM regress_priv_user2;
1134 GRANT ALL ON atestp1 TO regress_priv_user2;
1135 SET SESSION AUTHORIZATION regress_priv_user2;
1136 SELECT f2 FROM atestp1; -- ok
1137 f2
1138 ----
1139 (0 rows)
1141 SELECT f2 FROM atestc; -- fail
1142 ERROR: permission denied for table atestc
1143 DELETE FROM atestp1; -- ok
1144 DELETE FROM atestc; -- fail
1145 ERROR: permission denied for table atestc
1146 UPDATE atestp1 SET f1 = 1; -- ok
1147 UPDATE atestc SET f1 = 1; -- fail
1148 ERROR: permission denied for table atestc
1149 TRUNCATE atestp1; -- ok
1150 TRUNCATE atestc; -- fail
1151 ERROR: permission denied for table atestc
1152 BEGIN;
1153 LOCK atestp1;
1154 END;
1155 BEGIN;
1156 LOCK atestc;
1157 ERROR: permission denied for table atestc
1158 END;
1159 -- privileges on functions, languages
1160 -- switch to superuser
1161 \c -
1162 REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC;
1163 GRANT USAGE ON LANGUAGE sql TO regress_priv_user1; -- ok
1164 GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail
1165 ERROR: language "c" is not trusted
1166 DETAIL: GRANT and REVOKE are not allowed on untrusted languages, because only superusers can use untrusted languages.
1167 SET SESSION AUTHORIZATION regress_priv_user1;
1168 GRANT USAGE ON LANGUAGE sql TO regress_priv_user2; -- fail
1169 WARNING: no privileges were granted for "sql"
1170 CREATE FUNCTION priv_testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql;
1171 CREATE FUNCTION priv_testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
1172 CREATE AGGREGATE priv_testagg1(int) (sfunc = int4pl, stype = int4);
1173 CREATE PROCEDURE priv_testproc1(int) AS 'select $1;' LANGUAGE sql;
1174 REVOKE ALL ON FUNCTION priv_testfunc1(int), priv_testfunc2(int), priv_testagg1(int) FROM PUBLIC;
1175 GRANT EXECUTE ON FUNCTION priv_testfunc1(int), priv_testfunc2(int), priv_testagg1(int) TO regress_priv_user2;
1176 REVOKE ALL ON FUNCTION priv_testproc1(int) FROM PUBLIC; -- fail, not a function
1177 ERROR: priv_testproc1(integer) is not a function
1178 REVOKE ALL ON PROCEDURE priv_testproc1(int) FROM PUBLIC;
1179 GRANT EXECUTE ON PROCEDURE priv_testproc1(int) TO regress_priv_user2;
1180 GRANT USAGE ON FUNCTION priv_testfunc1(int) TO regress_priv_user3; -- semantic error
1181 ERROR: invalid privilege type USAGE for function
1182 GRANT USAGE ON FUNCTION priv_testagg1(int) TO regress_priv_user3; -- semantic error
1183 ERROR: invalid privilege type USAGE for function
1184 GRANT USAGE ON PROCEDURE priv_testproc1(int) TO regress_priv_user3; -- semantic error
1185 ERROR: invalid privilege type USAGE for procedure
1186 GRANT ALL PRIVILEGES ON FUNCTION priv_testfunc1(int) TO regress_priv_user4;
1187 GRANT ALL PRIVILEGES ON FUNCTION priv_testfunc_nosuch(int) TO regress_priv_user4;
1188 ERROR: function priv_testfunc_nosuch(integer) does not exist
1189 GRANT ALL PRIVILEGES ON FUNCTION priv_testagg1(int) TO regress_priv_user4;
1190 GRANT ALL PRIVILEGES ON PROCEDURE priv_testproc1(int) TO regress_priv_user4;
1191 CREATE FUNCTION priv_testfunc4(boolean) RETURNS text
1192 AS 'select col1 from atest2 where col2 = $1;'
1193 LANGUAGE sql SECURITY DEFINER;
1194 GRANT EXECUTE ON FUNCTION priv_testfunc4(boolean) TO regress_priv_user3;
1195 SET SESSION AUTHORIZATION regress_priv_user2;
1196 SELECT priv_testfunc1(5), priv_testfunc2(5); -- ok
1197 priv_testfunc1 | priv_testfunc2
1198 ----------------+----------------
1199 10 | 15
1200 (1 row)
1202 CREATE FUNCTION priv_testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail
1203 ERROR: permission denied for language sql
1204 SELECT priv_testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok
1205 priv_testagg1
1206 ---------------
1207 6
1208 (1 row)
1210 CALL priv_testproc1(6); -- ok
1211 SET SESSION AUTHORIZATION regress_priv_user3;
1212 SELECT priv_testfunc1(5); -- fail
1213 ERROR: permission denied for function priv_testfunc1
1214 SELECT priv_testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail
1215 ERROR: permission denied for aggregate priv_testagg1
1216 CALL priv_testproc1(6); -- fail
1217 ERROR: permission denied for procedure priv_testproc1
1218 SELECT col1 FROM atest2 WHERE col2 = true; -- fail
1219 ERROR: permission denied for table atest2
1220 SELECT priv_testfunc4(true); -- ok
1221 priv_testfunc4
1222 ----------------
1223 bar
1224 (1 row)
1226 SET SESSION AUTHORIZATION regress_priv_user4;
1227 SELECT priv_testfunc1(5); -- ok
1228 priv_testfunc1
1229 ----------------
1230 10
1231 (1 row)
1233 SELECT priv_testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok
1234 priv_testagg1
1235 ---------------
1236 6
1237 (1 row)
1239 CALL priv_testproc1(6); -- ok
1240 DROP FUNCTION priv_testfunc1(int); -- fail
1241 ERROR: must be owner of function priv_testfunc1
1242 DROP AGGREGATE priv_testagg1(int); -- fail
1243 ERROR: must be owner of aggregate priv_testagg1
1244 DROP PROCEDURE priv_testproc1(int); -- fail
1245 ERROR: must be owner of procedure priv_testproc1
1246 \c -
1247 DROP FUNCTION priv_testfunc1(int); -- ok
1248 -- restore to sanity
1249 GRANT ALL PRIVILEGES ON LANGUAGE sql TO PUBLIC;
1250 -- verify privilege checks on array-element coercions
1251 BEGIN;
1252 SELECT '{1}'::int4[]::int8[];
1253 int8
1254 ------
1255 {1}
1256 (1 row)
1258 REVOKE ALL ON FUNCTION int8(integer) FROM PUBLIC;
1259 SELECT '{1}'::int4[]::int8[]; --superuser, succeed
1260 int8
1261 ------
1262 {1}
1263 (1 row)
1265 SET SESSION AUTHORIZATION regress_priv_user4;
1266 SELECT '{1}'::int4[]::int8[]; --other user, fail
1267 ERROR: permission denied for function int8
1268 ROLLBACK;
1269 -- privileges on types
1270 -- switch to superuser
1271 \c -
1272 CREATE TYPE priv_testtype1 AS (a int, b text);
1273 REVOKE USAGE ON TYPE priv_testtype1 FROM PUBLIC;
1274 GRANT USAGE ON TYPE priv_testtype1 TO regress_priv_user2;
1275 GRANT USAGE ON TYPE _priv_testtype1 TO regress_priv_user2; -- fail
1276 ERROR: cannot set privileges of array types
1277 HINT: Set the privileges of the element type instead.
1278 GRANT USAGE ON DOMAIN priv_testtype1 TO regress_priv_user2; -- fail
1279 ERROR: "priv_testtype1" is not a domain
1280 CREATE DOMAIN priv_testdomain1 AS int;
1281 REVOKE USAGE on DOMAIN priv_testdomain1 FROM PUBLIC;
1282 GRANT USAGE ON DOMAIN priv_testdomain1 TO regress_priv_user2;
1283 GRANT USAGE ON TYPE priv_testdomain1 TO regress_priv_user2; -- ok
1284 SET SESSION AUTHORIZATION regress_priv_user1;
1285 -- commands that should fail
1286 CREATE AGGREGATE priv_testagg1a(priv_testdomain1) (sfunc = int4_sum, stype = bigint);
1287 ERROR: permission denied for type priv_testdomain1
1288 CREATE DOMAIN priv_testdomain2a AS priv_testdomain1;
1289 ERROR: permission denied for type priv_testdomain1
1290 CREATE DOMAIN priv_testdomain3a AS int;
1291 CREATE FUNCTION castfunc(int) RETURNS priv_testdomain3a AS $$ SELECT $1::priv_testdomain3a $$ LANGUAGE SQL;
1292 CREATE CAST (priv_testdomain1 AS priv_testdomain3a) WITH FUNCTION castfunc(int);
1293 ERROR: permission denied for type priv_testdomain1
1294 DROP FUNCTION castfunc(int) CASCADE;
1295 DROP DOMAIN priv_testdomain3a;
1296 CREATE FUNCTION priv_testfunc5a(a priv_testdomain1) RETURNS int LANGUAGE SQL AS $$ SELECT $1 $$;
1297 ERROR: permission denied for type priv_testdomain1
1298 CREATE FUNCTION priv_testfunc6a(b int) RETURNS priv_testdomain1 LANGUAGE SQL AS $$ SELECT $1::priv_testdomain1 $$;
1299 ERROR: permission denied for type priv_testdomain1
1300 CREATE OPERATOR !+! (PROCEDURE = int4pl, LEFTARG = priv_testdomain1, RIGHTARG = priv_testdomain1);
1301 ERROR: permission denied for type priv_testdomain1
1302 CREATE TABLE test5a (a int, b priv_testdomain1);
1303 ERROR: permission denied for type priv_testdomain1
1304 CREATE TABLE test6a OF priv_testtype1;
1305 ERROR: permission denied for type priv_testtype1
1306 CREATE TABLE test10a (a int[], b priv_testtype1[]);
1307 ERROR: permission denied for type priv_testtype1
1308 CREATE TABLE test9a (a int, b int);
1309 ALTER TABLE test9a ADD COLUMN c priv_testdomain1;
1310 ERROR: permission denied for type priv_testdomain1
1311 ALTER TABLE test9a ALTER COLUMN b TYPE priv_testdomain1;
1312 ERROR: permission denied for type priv_testdomain1
1313 CREATE TYPE test7a AS (a int, b priv_testdomain1);
1314 ERROR: permission denied for type priv_testdomain1
1315 CREATE TYPE test8a AS (a int, b int);
1316 ALTER TYPE test8a ADD ATTRIBUTE c priv_testdomain1;
1317 ERROR: permission denied for type priv_testdomain1
1318 ALTER TYPE test8a ALTER ATTRIBUTE b TYPE priv_testdomain1;
1319 ERROR: permission denied for type priv_testdomain1
1320 CREATE TABLE test11a AS (SELECT 1::priv_testdomain1 AS a);
1321 ERROR: permission denied for type priv_testdomain1
1322 REVOKE ALL ON TYPE priv_testtype1 FROM PUBLIC;
1323 ERROR: permission denied for type priv_testtype1
1324 SET SESSION AUTHORIZATION regress_priv_user2;
1325 -- commands that should succeed
1326 CREATE AGGREGATE priv_testagg1b(priv_testdomain1) (sfunc = int4_sum, stype = bigint);
1327 CREATE DOMAIN priv_testdomain2b AS priv_testdomain1;
1328 CREATE DOMAIN priv_testdomain3b AS int;
1329 CREATE FUNCTION castfunc(int) RETURNS priv_testdomain3b AS $$ SELECT $1::priv_testdomain3b $$ LANGUAGE SQL;
1330 CREATE CAST (priv_testdomain1 AS priv_testdomain3b) WITH FUNCTION castfunc(int);
1331 WARNING: cast will be ignored because the source data type is a domain
1332 CREATE FUNCTION priv_testfunc5b(a priv_testdomain1) RETURNS int LANGUAGE SQL AS $$ SELECT $1 $$;
1333 CREATE FUNCTION priv_testfunc6b(b int) RETURNS priv_testdomain1 LANGUAGE SQL AS $$ SELECT $1::priv_testdomain1 $$;
1334 CREATE OPERATOR !! (PROCEDURE = priv_testfunc5b, RIGHTARG = priv_testdomain1);
1335 CREATE TABLE test5b (a int, b priv_testdomain1);
1336 CREATE TABLE test6b OF priv_testtype1;
1337 CREATE TABLE test10b (a int[], b priv_testtype1[]);
1338 CREATE TABLE test9b (a int, b int);
1339 ALTER TABLE test9b ADD COLUMN c priv_testdomain1;
1340 ALTER TABLE test9b ALTER COLUMN b TYPE priv_testdomain1;
1341 CREATE TYPE test7b AS (a int, b priv_testdomain1);
1342 CREATE TYPE test8b AS (a int, b int);
1343 ALTER TYPE test8b ADD ATTRIBUTE c priv_testdomain1;
1344 ALTER TYPE test8b ALTER ATTRIBUTE b TYPE priv_testdomain1;
1345 CREATE TABLE test11b AS (SELECT 1::priv_testdomain1 AS a);
1346 REVOKE ALL ON TYPE priv_testtype1 FROM PUBLIC;
1347 WARNING: no privileges could be revoked for "priv_testtype1"
1348 \c -
1349 DROP AGGREGATE priv_testagg1b(priv_testdomain1);
1350 DROP DOMAIN priv_testdomain2b;
1351 DROP OPERATOR !! (NONE, priv_testdomain1);
1352 DROP FUNCTION priv_testfunc5b(a priv_testdomain1);
1353 DROP FUNCTION priv_testfunc6b(b int);
1354 DROP TABLE test5b;
1355 DROP TABLE test6b;
1356 DROP TABLE test9b;
1357 DROP TABLE test10b;
1358 DROP TYPE test7b;
1359 DROP TYPE test8b;
1360 DROP CAST (priv_testdomain1 AS priv_testdomain3b);
1361 DROP FUNCTION castfunc(int) CASCADE;
1362 DROP DOMAIN priv_testdomain3b;
1363 DROP TABLE test11b;
1364 DROP TYPE priv_testtype1; -- ok
1365 DROP DOMAIN priv_testdomain1; -- ok
1366 -- truncate
1367 SET SESSION AUTHORIZATION regress_priv_user5;
1368 TRUNCATE atest2; -- ok
1369 TRUNCATE atest3; -- fail
1370 ERROR: permission denied for table atest3
1371 -- has_table_privilege function
1372 -- bad-input checks
1373 select has_table_privilege(NULL,'pg_authid','select');
1374 has_table_privilege
1375 ---------------------
1377 (1 row)
1379 select has_table_privilege('pg_shad','select');
1380 ERROR: relation "pg_shad" does not exist
1381 select has_table_privilege('nosuchuser','pg_authid','select');
1382 ERROR: role "nosuchuser" does not exist
1383 select has_table_privilege('pg_authid','sel');
1384 ERROR: unrecognized privilege type: "sel"
1385 select has_table_privilege(-999999,'pg_authid','update');
1386 has_table_privilege
1387 ---------------------
1388 f
1389 (1 row)
1391 select has_table_privilege(1,'select');
1392 has_table_privilege
1393 ---------------------
1395 (1 row)
1397 -- superuser
1398 \c -
1399 select has_table_privilege(current_user,'pg_authid','select');
1400 has_table_privilege
1401 ---------------------
1402 t
1403 (1 row)
1405 select has_table_privilege(current_user,'pg_authid','insert');
1406 has_table_privilege
1407 ---------------------
1408 t
1409 (1 row)
1411 select has_table_privilege(t2.oid,'pg_authid','update')
1412 from (select oid from pg_roles where rolname = current_user) as t2;
1413 has_table_privilege
1414 ---------------------
1415 t
1416 (1 row)
1418 select has_table_privilege(t2.oid,'pg_authid','delete')
1419 from (select oid from pg_roles where rolname = current_user) as t2;
1420 has_table_privilege
1421 ---------------------
1422 t
1423 (1 row)
1425 select has_table_privilege(current_user,t1.oid,'references')
1426 from (select oid from pg_class where relname = 'pg_authid') as t1;
1427 has_table_privilege
1428 ---------------------
1429 t
1430 (1 row)
1432 select has_table_privilege(t2.oid,t1.oid,'select')
1433 from (select oid from pg_class where relname = 'pg_authid') as t1,
1434 (select oid from pg_roles where rolname = current_user) as t2;
1435 has_table_privilege
1436 ---------------------
1437 t
1438 (1 row)
1440 select has_table_privilege(t2.oid,t1.oid,'insert')
1441 from (select oid from pg_class where relname = 'pg_authid') as t1,
1442 (select oid from pg_roles where rolname = current_user) as t2;
1443 has_table_privilege
1444 ---------------------
1445 t
1446 (1 row)
1448 select has_table_privilege('pg_authid','update');
1449 has_table_privilege
1450 ---------------------
1451 t
1452 (1 row)
1454 select has_table_privilege('pg_authid','delete');
1455 has_table_privilege
1456 ---------------------
1457 t
1458 (1 row)
1460 select has_table_privilege('pg_authid','truncate');
1461 has_table_privilege
1462 ---------------------
1463 t
1464 (1 row)
1466 select has_table_privilege(t1.oid,'select')
1467 from (select oid from pg_class where relname = 'pg_authid') as t1;
1468 has_table_privilege
1469 ---------------------
1470 t
1471 (1 row)
1473 select has_table_privilege(t1.oid,'trigger')
1474 from (select oid from pg_class where relname = 'pg_authid') as t1;
1475 has_table_privilege
1476 ---------------------
1477 t
1478 (1 row)
1480 -- non-superuser
1481 SET SESSION AUTHORIZATION regress_priv_user3;
1482 select has_table_privilege(current_user,'pg_class','select');
1483 has_table_privilege
1484 ---------------------
1485 t
1486 (1 row)
1488 select has_table_privilege(current_user,'pg_class','insert');
1489 has_table_privilege
1490 ---------------------
1491 f
1492 (1 row)
1494 select has_table_privilege(t2.oid,'pg_class','update')
1495 from (select oid from pg_roles where rolname = current_user) as t2;
1496 has_table_privilege
1497 ---------------------
1498 f
1499 (1 row)
1501 select has_table_privilege(t2.oid,'pg_class','delete')
1502 from (select oid from pg_roles where rolname = current_user) as t2;
1503 has_table_privilege
1504 ---------------------
1505 f
1506 (1 row)
1508 select has_table_privilege(current_user,t1.oid,'references')
1509 from (select oid from pg_class where relname = 'pg_class') as t1;
1510 has_table_privilege
1511 ---------------------
1512 f
1513 (1 row)
1515 select has_table_privilege(t2.oid,t1.oid,'select')
1516 from (select oid from pg_class where relname = 'pg_class') as t1,
1517 (select oid from pg_roles where rolname = current_user) as t2;
1518 has_table_privilege
1519 ---------------------
1520 t
1521 (1 row)
1523 select has_table_privilege(t2.oid,t1.oid,'insert')
1524 from (select oid from pg_class where relname = 'pg_class') as t1,
1525 (select oid from pg_roles where rolname = current_user) as t2;
1526 has_table_privilege
1527 ---------------------
1528 f
1529 (1 row)
1531 select has_table_privilege('pg_class','update');
1532 has_table_privilege
1533 ---------------------
1534 f
1535 (1 row)
1537 select has_table_privilege('pg_class','delete');
1538 has_table_privilege
1539 ---------------------
1540 f
1541 (1 row)
1543 select has_table_privilege('pg_class','truncate');
1544 has_table_privilege
1545 ---------------------
1546 f
1547 (1 row)
1549 select has_table_privilege(t1.oid,'select')
1550 from (select oid from pg_class where relname = 'pg_class') as t1;
1551 has_table_privilege
1552 ---------------------
1553 t
1554 (1 row)
1556 select has_table_privilege(t1.oid,'trigger')
1557 from (select oid from pg_class where relname = 'pg_class') as t1;
1558 has_table_privilege
1559 ---------------------
1560 f
1561 (1 row)
1563 select has_table_privilege(current_user,'atest1','select');
1564 has_table_privilege
1565 ---------------------
1566 t
1567 (1 row)
1569 select has_table_privilege(current_user,'atest1','insert');
1570 has_table_privilege
1571 ---------------------
1572 f
1573 (1 row)
1575 select has_table_privilege(t2.oid,'atest1','update')
1576 from (select oid from pg_roles where rolname = current_user) as t2;
1577 has_table_privilege
1578 ---------------------
1579 f
1580 (1 row)
1582 select has_table_privilege(t2.oid,'atest1','delete')
1583 from (select oid from pg_roles where rolname = current_user) as t2;
1584 has_table_privilege
1585 ---------------------
1586 f
1587 (1 row)
1589 select has_table_privilege(current_user,t1.oid,'references')
1590 from (select oid from pg_class where relname = 'atest1') as t1;
1591 has_table_privilege
1592 ---------------------
1593 f
1594 (1 row)
1596 select has_table_privilege(t2.oid,t1.oid,'select')
1597 from (select oid from pg_class where relname = 'atest1') as t1,
1598 (select oid from pg_roles where rolname = current_user) as t2;
1599 has_table_privilege
1600 ---------------------
1601 t
1602 (1 row)
1604 select has_table_privilege(t2.oid,t1.oid,'insert')
1605 from (select oid from pg_class where relname = 'atest1') as t1,
1606 (select oid from pg_roles where rolname = current_user) as t2;
1607 has_table_privilege
1608 ---------------------
1609 f
1610 (1 row)
1612 select has_table_privilege('atest1','update');
1613 has_table_privilege
1614 ---------------------
1615 f
1616 (1 row)
1618 select has_table_privilege('atest1','delete');
1619 has_table_privilege
1620 ---------------------
1621 f
1622 (1 row)
1624 select has_table_privilege('atest1','truncate');
1625 has_table_privilege
1626 ---------------------
1627 f
1628 (1 row)
1630 select has_table_privilege(t1.oid,'select')
1631 from (select oid from pg_class where relname = 'atest1') as t1;
1632 has_table_privilege
1633 ---------------------
1634 t
1635 (1 row)
1637 select has_table_privilege(t1.oid,'trigger')
1638 from (select oid from pg_class where relname = 'atest1') as t1;
1639 has_table_privilege
1640 ---------------------
1641 f
1642 (1 row)
1644 -- has_column_privilege function
1645 -- bad-input checks (as non-super-user)
1646 select has_column_privilege('pg_authid',NULL,'select');
1647 has_column_privilege
1648 ----------------------
1650 (1 row)
1652 select has_column_privilege('pg_authid','nosuchcol','select');
1653 ERROR: column "nosuchcol" of relation "pg_authid" does not exist
1654 select has_column_privilege(9999,'nosuchcol','select');
1655 has_column_privilege
1656 ----------------------
1658 (1 row)
1660 select has_column_privilege(9999,99::int2,'select');
1661 has_column_privilege
1662 ----------------------
1664 (1 row)
1666 select has_column_privilege('pg_authid',99::int2,'select');
1667 has_column_privilege
1668 ----------------------
1670 (1 row)
1672 select has_column_privilege(9999,99::int2,'select');
1673 has_column_privilege
1674 ----------------------
1676 (1 row)
1678 create temp table mytable(f1 int, f2 int, f3 int);
1679 alter table mytable drop column f2;
1680 select has_column_privilege('mytable','f2','select');
1681 ERROR: column "f2" of relation "mytable" does not exist
1682 select has_column_privilege('mytable','........pg.dropped.2........','select');
1683 has_column_privilege
1684 ----------------------
1686 (1 row)
1688 select has_column_privilege('mytable',2::int2,'select');
1689 has_column_privilege
1690 ----------------------
1692 (1 row)
1694 select has_column_privilege('mytable',99::int2,'select');
1695 has_column_privilege
1696 ----------------------
1698 (1 row)
1700 revoke select on table mytable from regress_priv_user3;
1701 select has_column_privilege('mytable',2::int2,'select');
1702 has_column_privilege
1703 ----------------------
1705 (1 row)
1707 select has_column_privilege('mytable',99::int2,'select');
1708 has_column_privilege
1709 ----------------------
1711 (1 row)
1713 drop table mytable;
1714 -- Grant options
1715 SET SESSION AUTHORIZATION regress_priv_user1;
1716 CREATE TABLE atest4 (a int);
1717 GRANT SELECT ON atest4 TO regress_priv_user2 WITH GRANT OPTION;
1718 GRANT UPDATE ON atest4 TO regress_priv_user2;
1719 GRANT SELECT ON atest4 TO GROUP regress_priv_group1 WITH GRANT OPTION;
1720 SET SESSION AUTHORIZATION regress_priv_user2;
1721 GRANT SELECT ON atest4 TO regress_priv_user3;
1722 GRANT UPDATE ON atest4 TO regress_priv_user3; -- fail
1723 WARNING: no privileges were granted for "atest4"
1724 SET SESSION AUTHORIZATION regress_priv_user1;
1725 REVOKE SELECT ON atest4 FROM regress_priv_user3; -- does nothing
1726 SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- true
1727 has_table_privilege
1728 ---------------------
1729 t
1730 (1 row)
1732 REVOKE SELECT ON atest4 FROM regress_priv_user2; -- fail
1733 ERROR: dependent privileges exist
1734 HINT: Use CASCADE to revoke them too.
1735 REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_priv_user2 CASCADE; -- ok
1736 SELECT has_table_privilege('regress_priv_user2', 'atest4', 'SELECT'); -- true
1737 has_table_privilege
1738 ---------------------
1739 t
1740 (1 row)
1742 SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- false
1743 has_table_privilege
1744 ---------------------
1745 f
1746 (1 row)
1748 SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
1749 has_table_privilege
1750 ---------------------
1751 t
1752 (1 row)
1754 -- security-restricted operations
1755 \c -
1756 CREATE ROLE regress_sro_user;
1757 -- Check that index expressions and predicates are run as the table's owner
1758 -- A dummy index function checking current_user
1759 CREATE FUNCTION sro_ifun(int) RETURNS int AS $$
1760 BEGIN
1761 -- Below we set the table's owner to regress_sro_user
1762 ASSERT current_user = 'regress_sro_user',
1763 format('sro_ifun(%s) called by %s', $1, current_user);
1764 RETURN $1;
1765 END;
1766 $$ LANGUAGE plpgsql IMMUTABLE;
1767 -- Create a table owned by regress_sro_user
1768 CREATE TABLE sro_tab (a int);
1769 ALTER TABLE sro_tab OWNER TO regress_sro_user;
1770 INSERT INTO sro_tab VALUES (1), (2), (3);
1771 -- Create an expression index with a predicate
1772 CREATE INDEX sro_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0)))
1773 WHERE sro_ifun(a + 10) > sro_ifun(10);
1774 DROP INDEX sro_idx;
1775 -- Do the same concurrently
1776 CREATE INDEX CONCURRENTLY sro_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0)))
1777 WHERE sro_ifun(a + 10) > sro_ifun(10);
1778 -- REINDEX
1779 REINDEX TABLE sro_tab;
1780 REINDEX INDEX sro_idx;
1781 REINDEX TABLE CONCURRENTLY sro_tab;
1782 DROP INDEX sro_idx;
1783 -- CLUSTER
1784 CREATE INDEX sro_cluster_idx ON sro_tab ((sro_ifun(a) + sro_ifun(0)));
1785 CLUSTER sro_tab USING sro_cluster_idx;
1786 DROP INDEX sro_cluster_idx;
1787 -- BRIN index
1788 CREATE INDEX sro_brin ON sro_tab USING brin ((sro_ifun(a) + sro_ifun(0)));
1789 SELECT brin_desummarize_range('sro_brin', 0);
1790 brin_desummarize_range
1791 ------------------------
1793 (1 row)
1795 SELECT brin_summarize_range('sro_brin', 0);
1796 brin_summarize_range
1797 ----------------------
1798 1
1799 (1 row)
1801 DROP TABLE sro_tab;
1802 -- Check with a partitioned table
1803 CREATE TABLE sro_ptab (a int) PARTITION BY RANGE (a);
1804 ALTER TABLE sro_ptab OWNER TO regress_sro_user;
1805 CREATE TABLE sro_part PARTITION OF sro_ptab FOR VALUES FROM (1) TO (10);
1806 ALTER TABLE sro_part OWNER TO regress_sro_user;
1807 INSERT INTO sro_ptab VALUES (1), (2), (3);
1808 CREATE INDEX sro_pidx ON sro_ptab ((sro_ifun(a) + sro_ifun(0)))
1809 WHERE sro_ifun(a + 10) > sro_ifun(10);
1810 REINDEX TABLE sro_ptab;
1811 REINDEX INDEX CONCURRENTLY sro_pidx;
1812 SET SESSION AUTHORIZATION regress_sro_user;
1813 CREATE FUNCTION unwanted_grant() RETURNS void LANGUAGE sql AS
1814 'GRANT regress_priv_group2 TO regress_sro_user';
1815 CREATE FUNCTION mv_action() RETURNS bool LANGUAGE sql AS
1816 'DECLARE c CURSOR WITH HOLD FOR SELECT public.unwanted_grant(); SELECT true';
1817 -- REFRESH of this MV will queue a GRANT at end of transaction
1818 CREATE MATERIALIZED VIEW sro_mv AS SELECT mv_action() WITH NO DATA;
1819 REFRESH MATERIALIZED VIEW sro_mv;
1820 ERROR: cannot create a cursor WITH HOLD within security-restricted operation
1821 CONTEXT: SQL function "mv_action" statement 1
1822 \c -
1823 REFRESH MATERIALIZED VIEW sro_mv;
1824 ERROR: cannot create a cursor WITH HOLD within security-restricted operation
1825 CONTEXT: SQL function "mv_action" statement 1
1826 SET SESSION AUTHORIZATION regress_sro_user;
1827 -- INSERT to this table will queue a GRANT at end of transaction
1828 CREATE TABLE sro_trojan_table ();
1829 CREATE FUNCTION sro_trojan() RETURNS trigger LANGUAGE plpgsql AS
1830 'BEGIN PERFORM public.unwanted_grant(); RETURN NULL; END';
1831 CREATE CONSTRAINT TRIGGER t AFTER INSERT ON sro_trojan_table
1832 INITIALLY DEFERRED FOR EACH ROW EXECUTE PROCEDURE sro_trojan();
1833 -- Now, REFRESH will issue such an INSERT, queueing the GRANT
1834 CREATE OR REPLACE FUNCTION mv_action() RETURNS bool LANGUAGE sql AS
1835 'INSERT INTO public.sro_trojan_table DEFAULT VALUES; SELECT true';
1836 REFRESH MATERIALIZED VIEW sro_mv;
1837 ERROR: cannot fire deferred trigger within security-restricted operation
1838 CONTEXT: SQL function "mv_action" statement 1
1839 \c -
1840 REFRESH MATERIALIZED VIEW sro_mv;
1841 ERROR: cannot fire deferred trigger within security-restricted operation
1842 CONTEXT: SQL function "mv_action" statement 1
1843 BEGIN; SET CONSTRAINTS ALL IMMEDIATE; REFRESH MATERIALIZED VIEW sro_mv; COMMIT;
1844 ERROR: permission denied to grant role "regress_priv_group2"
1845 DETAIL: Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
1846 CONTEXT: SQL function "unwanted_grant" statement 1
1847 SQL statement "SELECT public.unwanted_grant()"
1848 PL/pgSQL function public.sro_trojan() line 1 at PERFORM
1849 SQL function "mv_action" statement 1
1850 -- REFRESH MATERIALIZED VIEW CONCURRENTLY use of eval_const_expressions()
1851 SET SESSION AUTHORIZATION regress_sro_user;
1852 CREATE FUNCTION unwanted_grant_nofail(int) RETURNS int
1853 IMMUTABLE LANGUAGE plpgsql AS $$
1854 BEGIN
1855 PERFORM public.unwanted_grant();
1856 RAISE WARNING 'owned';
1857 RETURN 1;
1858 EXCEPTION WHEN OTHERS THEN
1859 RETURN 2;
1860 END$$;
1861 CREATE MATERIALIZED VIEW sro_index_mv AS SELECT 1 AS c;
1862 CREATE UNIQUE INDEX ON sro_index_mv (c) WHERE unwanted_grant_nofail(1) > 0;
1863 \c -
1864 REFRESH MATERIALIZED VIEW CONCURRENTLY sro_index_mv;
1865 REFRESH MATERIALIZED VIEW sro_index_mv;
1866 DROP OWNED BY regress_sro_user;
1867 DROP ROLE regress_sro_user;
1868 -- Admin options
1869 SET SESSION AUTHORIZATION regress_priv_user4;
1870 CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS
1871 'GRANT regress_priv_group2 TO regress_priv_user5';
1872 GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION
1873 SET ROLE regress_priv_group2;
1874 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege
1875 ERROR: permission denied to grant role "regress_priv_group2"
1876 DETAIL: Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
1877 SET SESSION AUTHORIZATION regress_priv_user1;
1878 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION
1879 ERROR: permission denied to grant role "regress_priv_group2"
1880 DETAIL: Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
1881 SELECT dogrant_ok(); -- ok: SECURITY DEFINER conveys ADMIN
1882 NOTICE: role "regress_priv_user5" has already been granted membership in role "regress_priv_group2" by role "regress_priv_user4"
1883 dogrant_ok
1884 ------------
1886 (1 row)
1888 SET ROLE regress_priv_group2;
1889 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help
1890 ERROR: permission denied to grant role "regress_priv_group2"
1891 DETAIL: Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
1892 SET SESSION AUTHORIZATION regress_priv_group2;
1893 GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no self-admin
1894 ERROR: permission denied to grant role "regress_priv_group2"
1895 DETAIL: Only roles with the ADMIN option on role "regress_priv_group2" may grant this role.
1896 SET SESSION AUTHORIZATION regress_priv_user4;
1897 DROP FUNCTION dogrant_ok();
1898 REVOKE regress_priv_group2 FROM regress_priv_user5;
1899 -- has_sequence_privilege tests
1900 \c -
1901 CREATE SEQUENCE x_seq;
1902 GRANT USAGE on x_seq to regress_priv_user2;
1903 SELECT has_sequence_privilege('regress_priv_user1', 'atest1', 'SELECT');
1904 ERROR: "atest1" is not a sequence
1905 SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'INSERT');
1906 ERROR: unrecognized privilege type: "INSERT"
1907 SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'SELECT');
1908 has_sequence_privilege
1909 ------------------------
1910 f
1911 (1 row)
1913 SET SESSION AUTHORIZATION regress_priv_user2;
1914 SELECT has_sequence_privilege('x_seq', 'USAGE');
1915 has_sequence_privilege
1916 ------------------------
1917 t
1918 (1 row)
1920 -- largeobject privilege tests
1921 \c -
1922 SET SESSION AUTHORIZATION regress_priv_user1;
1923 SELECT lo_create(1001);
1924 lo_create
1925 -----------
1926 1001
1927 (1 row)
1929 SELECT lo_create(1002);
1930 lo_create
1931 -----------
1932 1002
1933 (1 row)
1935 SELECT lo_create(1003);
1936 lo_create
1937 -----------
1938 1003
1939 (1 row)
1941 SELECT lo_create(1004);
1942 lo_create
1943 -----------
1944 1004
1945 (1 row)
1947 SELECT lo_create(1005);
1948 lo_create
1949 -----------
1950 1005
1951 (1 row)
1953 GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
1954 GRANT SELECT ON LARGE OBJECT 1003 TO regress_priv_user2;
1955 GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_priv_user2;
1956 GRANT ALL ON LARGE OBJECT 1005 TO regress_priv_user2;
1957 GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user2 WITH GRANT OPTION;
1958 GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed
1959 ERROR: invalid privilege type INSERT for large object
1960 GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed
1961 ERROR: role "nosuchuser" does not exist
1962 GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed
1963 ERROR: large object 999 does not exist
1964 \c -
1965 SET SESSION AUTHORIZATION regress_priv_user2;
1966 SELECT lo_create(2001);
1967 lo_create
1968 -----------
1969 2001
1970 (1 row)
1972 SELECT lo_create(2002);
1973 lo_create
1974 -----------
1975 2002
1976 (1 row)
1978 SELECT loread(lo_open(1001, x'20000'::int), 32); -- allowed, for now
1979 loread
1980 --------
1981 \x
1982 (1 row)
1984 SELECT lowrite(lo_open(1001, x'40000'::int), 'abcd'); -- fail, wrong mode
1985 ERROR: large object descriptor 0 was not opened for writing
1986 SELECT loread(lo_open(1001, x'40000'::int), 32);
1987 loread
1988 --------
1989 \x
1990 (1 row)
1992 SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
1993 ERROR: permission denied for large object 1002
1994 SELECT loread(lo_open(1003, x'40000'::int), 32);
1995 loread
1996 --------
1997 \x
1998 (1 row)
2000 SELECT loread(lo_open(1004, x'40000'::int), 32);
2001 loread
2002 --------
2003 \x
2004 (1 row)
2006 SELECT lowrite(lo_open(1001, x'20000'::int), 'abcd');
2007 lowrite
2008 ---------
2009 4
2010 (1 row)
2012 SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
2013 ERROR: permission denied for large object 1002
2014 SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd'); -- to be denied
2015 ERROR: permission denied for large object 1003
2016 SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
2017 lowrite
2018 ---------
2019 4
2020 (1 row)
2022 GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user3;
2023 GRANT UPDATE ON LARGE OBJECT 1006 TO regress_priv_user3; -- to be denied
2024 ERROR: large object 1006 does not exist
2025 REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
2026 GRANT ALL ON LARGE OBJECT 2001 TO regress_priv_user3;
2027 SELECT lo_unlink(1001); -- to be denied
2028 ERROR: must be owner of large object 1001
2029 SELECT lo_unlink(2002);
2030 lo_unlink
2031 -----------
2032 1
2033 (1 row)
2035 \c -
2036 -- confirm ACL setting
2037 SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
2038 oid | ownername | lomacl
2039 ------+--------------------+------------------------------------------------------------------------------------------------------------------------------
2040 1001 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,=rw/regress_priv_user1}
2041 1002 | regress_priv_user1 |
2042 1003 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r/regress_priv_user1}
2043 1004 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=rw/regress_priv_user1}
2044 1005 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r*w/regress_priv_user1,regress_priv_user3=r/regress_priv_user2}
2045 2001 | regress_priv_user2 | {regress_priv_user2=rw/regress_priv_user2,regress_priv_user3=rw/regress_priv_user2}
2046 (6 rows)
2048 SET SESSION AUTHORIZATION regress_priv_user3;
2049 SELECT loread(lo_open(1001, x'40000'::int), 32);
2050 loread
2051 ------------
2052 \x61626364
2053 (1 row)
2055 SELECT loread(lo_open(1003, x'40000'::int), 32); -- to be denied
2056 ERROR: permission denied for large object 1003
2057 SELECT loread(lo_open(1005, x'40000'::int), 32);
2058 loread
2059 --------
2060 \x
2061 (1 row)
2063 SELECT lo_truncate(lo_open(1005, x'20000'::int), 10); -- to be denied
2064 ERROR: permission denied for large object 1005
2065 SELECT lo_truncate(lo_open(2001, x'20000'::int), 10);
2066 lo_truncate
2067 -------------
2068 0
2069 (1 row)
2071 -- has_largeobject_privilege function
2072 -- superuser
2073 \c -
2074 SELECT has_largeobject_privilege(1001, 'SELECT');
2075 has_largeobject_privilege
2076 ---------------------------
2077 t
2078 (1 row)
2080 SELECT has_largeobject_privilege(1002, 'SELECT');
2081 has_largeobject_privilege
2082 ---------------------------
2083 t
2084 (1 row)
2086 SELECT has_largeobject_privilege(1003, 'SELECT');
2087 has_largeobject_privilege
2088 ---------------------------
2089 t
2090 (1 row)
2092 SELECT has_largeobject_privilege(1004, 'SELECT');
2093 has_largeobject_privilege
2094 ---------------------------
2095 t
2096 (1 row)
2098 SELECT has_largeobject_privilege(1001, 'UPDATE');
2099 has_largeobject_privilege
2100 ---------------------------
2101 t
2102 (1 row)
2104 SELECT has_largeobject_privilege(1002, 'UPDATE');
2105 has_largeobject_privilege
2106 ---------------------------
2107 t
2108 (1 row)
2110 SELECT has_largeobject_privilege(1003, 'UPDATE');
2111 has_largeobject_privilege
2112 ---------------------------
2113 t
2114 (1 row)
2116 SELECT has_largeobject_privilege(1004, 'UPDATE');
2117 has_largeobject_privilege
2118 ---------------------------
2119 t
2120 (1 row)
2122 -- not-existing large object
2123 SELECT has_largeobject_privilege(9999, 'SELECT'); -- NULL
2124 has_largeobject_privilege
2125 ---------------------------
2127 (1 row)
2129 -- non-superuser
2130 SET SESSION AUTHORIZATION regress_priv_user2;
2131 SELECT has_largeobject_privilege(1001, 'SELECT');
2132 has_largeobject_privilege
2133 ---------------------------
2134 t
2135 (1 row)
2137 SELECT has_largeobject_privilege(1002, 'SELECT'); -- false
2138 has_largeobject_privilege
2139 ---------------------------
2140 f
2141 (1 row)
2143 SELECT has_largeobject_privilege(1003, 'SELECT');
2144 has_largeobject_privilege
2145 ---------------------------
2146 t
2147 (1 row)
2149 SELECT has_largeobject_privilege(1004, 'SELECT');
2150 has_largeobject_privilege
2151 ---------------------------
2152 t
2153 (1 row)
2155 SELECT has_largeobject_privilege(1001, 'UPDATE');
2156 has_largeobject_privilege
2157 ---------------------------
2158 t
2159 (1 row)
2161 SELECT has_largeobject_privilege(1002, 'UPDATE'); -- false
2162 has_largeobject_privilege
2163 ---------------------------
2164 f
2165 (1 row)
2167 SELECT has_largeobject_privilege(1003, 'UPDATE'); -- false
2168 has_largeobject_privilege
2169 ---------------------------
2170 f
2171 (1 row)
2173 SELECT has_largeobject_privilege(1004, 'UPDATE');
2174 has_largeobject_privilege
2175 ---------------------------
2176 t
2177 (1 row)
2179 SELECT has_largeobject_privilege('regress_priv_user3', 1001, 'SELECT');
2180 has_largeobject_privilege
2181 ---------------------------
2182 t
2183 (1 row)
2185 SELECT has_largeobject_privilege('regress_priv_user3', 1003, 'SELECT'); -- false
2186 has_largeobject_privilege
2187 ---------------------------
2188 f
2189 (1 row)
2191 SELECT has_largeobject_privilege('regress_priv_user3', 1005, 'SELECT');
2192 has_largeobject_privilege
2193 ---------------------------
2194 t
2195 (1 row)
2197 SELECT has_largeobject_privilege('regress_priv_user3', 1005, 'UPDATE'); -- false
2198 has_largeobject_privilege
2199 ---------------------------
2200 f
2201 (1 row)
2203 SELECT has_largeobject_privilege('regress_priv_user3', 2001, 'UPDATE');
2204 has_largeobject_privilege
2205 ---------------------------
2206 t
2207 (1 row)
2209 -- compatibility mode in largeobject permission
2210 \c -
2211 SET lo_compat_privileges = false; -- default setting
2212 SET SESSION AUTHORIZATION regress_priv_user4;
2213 SELECT has_largeobject_privilege(1002, 'SELECT'); -- false
2214 has_largeobject_privilege
2215 ---------------------------
2216 f
2217 (1 row)
2219 SELECT has_largeobject_privilege(1002, 'UPDATE'); -- false
2220 has_largeobject_privilege
2221 ---------------------------
2222 f
2223 (1 row)
2225 SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
2226 ERROR: permission denied for large object 1002
2227 SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
2228 ERROR: permission denied for large object 1002
2229 SELECT lo_truncate(lo_open(1002, x'20000'::int), 10); -- to be denied
2230 ERROR: permission denied for large object 1002
2231 SELECT lo_put(1002, 1, 'abcd'); -- to be denied
2232 ERROR: permission denied for large object 1002
2233 SELECT lo_unlink(1002); -- to be denied
2234 ERROR: must be owner of large object 1002
2235 SELECT lo_export(1001, '/dev/null'); -- to be denied
2236 ERROR: permission denied for function lo_export
2237 SELECT lo_import('/dev/null'); -- to be denied
2238 ERROR: permission denied for function lo_import
2239 SELECT lo_import('/dev/null', 2003); -- to be denied
2240 ERROR: permission denied for function lo_import
2241 \c -
2242 SET lo_compat_privileges = true; -- compatibility mode
2243 SET SESSION AUTHORIZATION regress_priv_user4;
2244 SELECT has_largeobject_privilege(1002, 'SELECT'); -- true
2245 has_largeobject_privilege
2246 ---------------------------
2247 t
2248 (1 row)
2250 SELECT has_largeobject_privilege(1002, 'UPDATE'); -- true
2251 has_largeobject_privilege
2252 ---------------------------
2253 t
2254 (1 row)
2256 SELECT loread(lo_open(1002, x'40000'::int), 32);
2257 loread
2258 --------
2259 \x
2260 (1 row)
2262 SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');
2263 lowrite
2264 ---------
2265 4
2266 (1 row)
2268 SELECT lo_truncate(lo_open(1002, x'20000'::int), 10);
2269 lo_truncate
2270 -------------
2271 0
2272 (1 row)
2274 SELECT lo_unlink(1002);
2275 lo_unlink
2276 -----------
2277 1
2278 (1 row)
2280 SELECT lo_export(1001, '/dev/null'); -- to be denied
2281 ERROR: permission denied for function lo_export
2282 -- don't allow unpriv users to access pg_largeobject contents
2283 \c -
2284 SELECT * FROM pg_largeobject LIMIT 0;
2285 loid | pageno | data
2286 ------+--------+------
2287 (0 rows)
2289 SET SESSION AUTHORIZATION regress_priv_user1;
2290 SELECT * FROM pg_largeobject LIMIT 0; -- to be denied
2291 ERROR: permission denied for table pg_largeobject
2292 -- pg_signal_backend can't signal superusers
2293 RESET SESSION AUTHORIZATION;
2294 BEGIN;
2295 CREATE OR REPLACE FUNCTION terminate_nothrow(pid int) RETURNS bool
2296 LANGUAGE plpgsql SECURITY DEFINER SET client_min_messages = error AS $$
2297 BEGIN
2298 RETURN pg_terminate_backend($1);
2299 EXCEPTION WHEN OTHERS THEN
2300 RETURN false;
2301 END$$;
2302 ALTER FUNCTION terminate_nothrow OWNER TO pg_signal_backend;
2303 SELECT backend_type FROM pg_stat_activity
2304 WHERE CASE WHEN COALESCE(usesysid, 10) = 10 THEN terminate_nothrow(pid) END;
2305 backend_type
2306 --------------
2307 (0 rows)
2309 ROLLBACK;
2310 -- test pg_database_owner
2311 RESET SESSION AUTHORIZATION;
2312 GRANT pg_database_owner TO regress_priv_user1;
2313 ERROR: role "pg_database_owner" cannot have explicit members
2314 GRANT regress_priv_user1 TO pg_database_owner;
2315 ERROR: role "pg_database_owner" cannot be a member of any role
2316 CREATE TABLE datdba_only ();
2317 ALTER TABLE datdba_only OWNER TO pg_database_owner;
2318 REVOKE DELETE ON datdba_only FROM pg_database_owner;
2319 SELECT
2320 pg_has_role('regress_priv_user1', 'pg_database_owner', 'USAGE') as priv,
2321 pg_has_role('regress_priv_user1', 'pg_database_owner', 'MEMBER') as mem,
2322 pg_has_role('regress_priv_user1', 'pg_database_owner',
2323 'MEMBER WITH ADMIN OPTION') as admin;
2324 priv | mem | admin
2325 ------+-----+-------
2326 f | f | f
2327 (1 row)
2329 BEGIN;
2330 DO $$BEGIN EXECUTE format(
2331 'ALTER DATABASE %I OWNER TO regress_priv_group2', current_catalog); END$$;
2332 SELECT
2333 pg_has_role('regress_priv_user1', 'pg_database_owner', 'USAGE') as priv,
2334 pg_has_role('regress_priv_user1', 'pg_database_owner', 'MEMBER') as mem,
2335 pg_has_role('regress_priv_user1', 'pg_database_owner',
2336 'MEMBER WITH ADMIN OPTION') as admin;
2337 priv | mem | admin
2338 ------+-----+-------
2339 t | t | f
2340 (1 row)
2342 SET SESSION AUTHORIZATION regress_priv_user1;
2343 TABLE information_schema.enabled_roles ORDER BY role_name COLLATE "C";
2344 role_name
2345 ---------------------
2346 pg_database_owner
2347 regress_priv_group2
2348 regress_priv_user1
2349 (3 rows)
2351 TABLE information_schema.applicable_roles ORDER BY role_name COLLATE "C";
2352 grantee | role_name | is_grantable
2353 ---------------------+---------------------+--------------
2354 regress_priv_group2 | pg_database_owner | NO
2355 regress_priv_user1 | regress_priv_group2 | NO
2356 (2 rows)
2358 INSERT INTO datdba_only DEFAULT VALUES;
2359 SAVEPOINT q; DELETE FROM datdba_only; ROLLBACK TO q;
2360 ERROR: permission denied for table datdba_only
2361 SET SESSION AUTHORIZATION regress_priv_user2;
2362 TABLE information_schema.enabled_roles;
2363 role_name
2364 --------------------
2365 regress_priv_user2
2366 (1 row)
2368 INSERT INTO datdba_only DEFAULT VALUES;
2369 ERROR: permission denied for table datdba_only
2370 ROLLBACK;
2371 -- test default ACLs
2372 \c -
2373 CREATE SCHEMA testns;
2374 GRANT ALL ON SCHEMA testns TO regress_priv_user1;
2375 CREATE TABLE testns.acltest1 (x int);
2376 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
2377 has_table_privilege
2378 ---------------------
2379 f
2380 (1 row)
2382 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
2383 has_table_privilege
2384 ---------------------
2385 f
2386 (1 row)
2388 -- placeholder for test with duplicated schema and role names
2389 ALTER DEFAULT PRIVILEGES IN SCHEMA testns,testns GRANT SELECT ON TABLES TO public,public;
2390 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
2391 has_table_privilege
2392 ---------------------
2393 f
2394 (1 row)
2396 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
2397 has_table_privilege
2398 ---------------------
2399 f
2400 (1 row)
2402 DROP TABLE testns.acltest1;
2403 CREATE TABLE testns.acltest1 (x int);
2404 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
2405 has_table_privilege
2406 ---------------------
2407 t
2408 (1 row)
2410 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
2411 has_table_privilege
2412 ---------------------
2413 f
2414 (1 row)
2416 ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_priv_user1;
2417 DROP TABLE testns.acltest1;
2418 CREATE TABLE testns.acltest1 (x int);
2419 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
2420 has_table_privilege
2421 ---------------------
2422 t
2423 (1 row)
2425 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- yes
2426 has_table_privilege
2427 ---------------------
2428 t
2429 (1 row)
2431 ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_priv_user1;
2432 DROP TABLE testns.acltest1;
2433 CREATE TABLE testns.acltest1 (x int);
2434 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
2435 has_table_privilege
2436 ---------------------
2437 t
2438 (1 row)
2440 SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
2441 has_table_privilege
2442 ---------------------
2443 f
2444 (1 row)
2446 ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
2447 ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error
2448 ERROR: cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS
2449 -- Test makeaclitem()
2450 SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole,
2451 'SELECT', TRUE); -- single privilege
2452 makeaclitem
2453 ------------------------------------------
2454 regress_priv_user1=r*/regress_priv_user2
2455 (1 row)
2457 SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole,
2458 'SELECT, INSERT, UPDATE , DELETE ', FALSE); -- multiple privileges
2459 makeaclitem
2460 --------------------------------------------
2461 regress_priv_user1=arwd/regress_priv_user2
2462 (1 row)
2464 SELECT makeaclitem('regress_priv_user1'::regrole, 'regress_priv_user2'::regrole,
2465 'SELECT, fake_privilege', FALSE); -- error
2466 ERROR: unrecognized privilege type: "fake_privilege"
2467 -- Test non-throwing aclitem I/O
2468 SELECT pg_input_is_valid('regress_priv_user1=r/regress_priv_user2', 'aclitem');
2469 pg_input_is_valid
2470 -------------------
2471 t
2472 (1 row)
2474 SELECT pg_input_is_valid('regress_priv_user1=r/', 'aclitem');
2475 pg_input_is_valid
2476 -------------------
2477 f
2478 (1 row)
2480 SELECT * FROM pg_input_error_info('regress_priv_user1=r/', 'aclitem');
2481 message | detail | hint | sql_error_code
2482 ---------------------------------+--------+------+----------------
2483 a name must follow the "/" sign | | | 22P02
2484 (1 row)
2486 SELECT pg_input_is_valid('regress_priv_user1=r/regress_no_such_user', 'aclitem');
2487 pg_input_is_valid
2488 -------------------
2489 f
2490 (1 row)
2492 SELECT * FROM pg_input_error_info('regress_priv_user1=r/regress_no_such_user', 'aclitem');
2493 message | detail | hint | sql_error_code
2494 --------------------------------------------+--------+------+----------------
2495 role "regress_no_such_user" does not exist | | | 42704
2496 (1 row)
2498 SELECT pg_input_is_valid('regress_priv_user1=rY', 'aclitem');
2499 pg_input_is_valid
2500 -------------------
2501 f
2502 (1 row)
2504 SELECT * FROM pg_input_error_info('regress_priv_user1=rY', 'aclitem');
2505 message | detail | hint | sql_error_code
2506 ----------------------------------------------------------+--------+------+----------------
2507 invalid mode character: must be one of "arwdDxtXUCTcsAm" | | | 22P02
2508 (1 row)
2510 --
2511 -- Testing blanket default grants is very hazardous since it might change
2512 -- the privileges attached to objects created by concurrent regression tests.
2513 -- To avoid that, be sure to revoke the privileges again before committing.
2514 --
2515 BEGIN;
2516 ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_priv_user2;
2517 CREATE SCHEMA testns2;
2518 SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'USAGE'); -- yes
2519 has_schema_privilege
2520 ----------------------
2521 t
2522 (1 row)
2524 SELECT has_schema_privilege('regress_priv_user6', 'testns2', 'USAGE'); -- yes
2525 has_schema_privilege
2526 ----------------------
2527 t
2528 (1 row)
2530 SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'CREATE'); -- no
2531 has_schema_privilege
2532 ----------------------
2533 f
2534 (1 row)
2536 ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_priv_user2;
2537 CREATE SCHEMA testns3;
2538 SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'USAGE'); -- no
2539 has_schema_privilege
2540 ----------------------
2541 f
2542 (1 row)
2544 SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'CREATE'); -- no
2545 has_schema_privilege
2546 ----------------------
2547 f
2548 (1 row)
2550 ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2;
2551 CREATE SCHEMA testns4;
2552 SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'USAGE'); -- yes
2553 has_schema_privilege
2554 ----------------------
2555 t
2556 (1 row)
2558 SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes
2559 has_schema_privilege
2560 ----------------------
2561 t
2562 (1 row)
2564 ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2;
2565 COMMIT;
2566 -- Test for DROP OWNED BY with shared dependencies. This is done in a
2567 -- separate, rollbacked, transaction to avoid any trouble with other
2568 -- regression sessions.
2569 BEGIN;
2570 ALTER DEFAULT PRIVILEGES GRANT ALL ON FUNCTIONS TO regress_priv_user2;
2571 ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2;
2572 ALTER DEFAULT PRIVILEGES GRANT ALL ON SEQUENCES TO regress_priv_user2;
2573 ALTER DEFAULT PRIVILEGES GRANT ALL ON TABLES TO regress_priv_user2;
2574 ALTER DEFAULT PRIVILEGES GRANT ALL ON TYPES TO regress_priv_user2;
2575 SELECT count(*) FROM pg_shdepend
2576 WHERE deptype = 'a' AND
2577 refobjid = 'regress_priv_user2'::regrole AND
2578 classid = 'pg_default_acl'::regclass;
2579 count
2580 -------
2581 5
2582 (1 row)
2584 DROP OWNED BY regress_priv_user2, regress_priv_user2;
2585 SELECT count(*) FROM pg_shdepend
2586 WHERE deptype = 'a' AND
2587 refobjid = 'regress_priv_user2'::regrole AND
2588 classid = 'pg_default_acl'::regclass;
2589 count
2590 -------
2591 0
2592 (1 row)
2594 ROLLBACK;
2595 CREATE SCHEMA testns5;
2596 SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no
2597 has_schema_privilege
2598 ----------------------
2599 f
2600 (1 row)
2602 SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'CREATE'); -- no
2603 has_schema_privilege
2604 ----------------------
2605 f
2606 (1 row)
2608 SET ROLE regress_priv_user1;
2609 CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
2610 CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
2611 CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
2612 SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- no
2613 has_function_privilege
2614 ------------------------
2615 f
2616 (1 row)
2618 SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
2619 has_function_privilege
2620 ------------------------
2621 f
2622 (1 row)
2624 SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- no
2625 has_function_privilege
2626 ------------------------
2627 f
2628 (1 row)
2630 ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON ROUTINES to public;
2631 DROP FUNCTION testns.foo();
2632 CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
2633 DROP AGGREGATE testns.agg1(int);
2634 CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
2635 DROP PROCEDURE testns.bar();
2636 CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
2637 SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- yes
2638 has_function_privilege
2639 ------------------------
2640 t
2641 (1 row)
2643 SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
2644 has_function_privilege
2645 ------------------------
2646 t
2647 (1 row)
2649 SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
2650 has_function_privilege
2651 ------------------------
2652 t
2653 (1 row)
2655 DROP FUNCTION testns.foo();
2656 DROP AGGREGATE testns.agg1(int);
2657 DROP PROCEDURE testns.bar();
2658 ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE USAGE ON TYPES FROM public;
2659 CREATE DOMAIN testns.priv_testdomain1 AS int;
2660 SELECT has_type_privilege('regress_priv_user2', 'testns.priv_testdomain1', 'USAGE'); -- no
2661 has_type_privilege
2662 --------------------
2663 f
2664 (1 row)
2666 ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public;
2667 DROP DOMAIN testns.priv_testdomain1;
2668 CREATE DOMAIN testns.priv_testdomain1 AS int;
2669 SELECT has_type_privilege('regress_priv_user2', 'testns.priv_testdomain1', 'USAGE'); -- yes
2670 has_type_privilege
2671 --------------------
2672 t
2673 (1 row)
2675 DROP DOMAIN testns.priv_testdomain1;
2676 RESET ROLE;
2677 SELECT count(*)
2678 FROM pg_default_acl d LEFT JOIN pg_namespace n ON defaclnamespace = n.oid
2679 WHERE nspname = 'testns';
2680 count
2681 -------
2682 3
2683 (1 row)
2685 DROP SCHEMA testns CASCADE;
2686 NOTICE: drop cascades to table testns.acltest1
2687 DROP SCHEMA testns2 CASCADE;
2688 DROP SCHEMA testns3 CASCADE;
2689 DROP SCHEMA testns4 CASCADE;
2690 DROP SCHEMA testns5 CASCADE;
2691 SELECT d.* -- check that entries went away
2692 FROM pg_default_acl d LEFT JOIN pg_namespace n ON defaclnamespace = n.oid
2693 WHERE nspname IS NULL AND defaclnamespace != 0;
2694 oid | defaclrole | defaclnamespace | defaclobjtype | defaclacl
2695 -----+------------+-----------------+---------------+-----------
2696 (0 rows)
2698 -- Grant on all objects of given type in a schema
2699 \c -
2700 CREATE SCHEMA testns;
2701 CREATE TABLE testns.t1 (f1 int);
2702 CREATE TABLE testns.t2 (f1 int);
2703 SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
2704 has_table_privilege
2705 ---------------------
2706 f
2707 (1 row)
2709 GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_priv_user1;
2710 SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- true
2711 has_table_privilege
2712 ---------------------
2713 t
2714 (1 row)
2716 SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- true
2717 has_table_privilege
2718 ---------------------
2719 t
2720 (1 row)
2722 REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_priv_user1;
2723 SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
2724 has_table_privilege
2725 ---------------------
2726 f
2727 (1 row)
2729 SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- false
2730 has_table_privilege
2731 ---------------------
2732 f
2733 (1 row)
2735 CREATE FUNCTION testns.priv_testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
2736 CREATE AGGREGATE testns.priv_testagg(int) (sfunc = int4pl, stype = int4);
2737 CREATE PROCEDURE testns.priv_testproc(int) AS 'select 3' LANGUAGE sql;
2738 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testfunc(int)', 'EXECUTE'); -- true by default
2739 has_function_privilege
2740 ------------------------
2741 t
2742 (1 row)
2744 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testagg(int)', 'EXECUTE'); -- true by default
2745 has_function_privilege
2746 ------------------------
2747 t
2748 (1 row)
2750 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testproc(int)', 'EXECUTE'); -- true by default
2751 has_function_privilege
2752 ------------------------
2753 t
2754 (1 row)
2756 REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC;
2757 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testfunc(int)', 'EXECUTE'); -- false
2758 has_function_privilege
2759 ------------------------
2760 f
2761 (1 row)
2763 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testagg(int)', 'EXECUTE'); -- false
2764 has_function_privilege
2765 ------------------------
2766 f
2767 (1 row)
2769 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testproc(int)', 'EXECUTE'); -- still true, not a function
2770 has_function_privilege
2771 ------------------------
2772 t
2773 (1 row)
2775 REVOKE ALL ON ALL PROCEDURES IN SCHEMA testns FROM PUBLIC;
2776 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testproc(int)', 'EXECUTE'); -- now false
2777 has_function_privilege
2778 ------------------------
2779 f
2780 (1 row)
2782 GRANT ALL ON ALL ROUTINES IN SCHEMA testns TO PUBLIC;
2783 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testfunc(int)', 'EXECUTE'); -- true
2784 has_function_privilege
2785 ------------------------
2786 t
2787 (1 row)
2789 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testagg(int)', 'EXECUTE'); -- true
2790 has_function_privilege
2791 ------------------------
2792 t
2793 (1 row)
2795 SELECT has_function_privilege('regress_priv_user1', 'testns.priv_testproc(int)', 'EXECUTE'); -- true
2796 has_function_privilege
2797 ------------------------
2798 t
2799 (1 row)
2801 DROP SCHEMA testns CASCADE;
2802 NOTICE: drop cascades to 5 other objects
2803 DETAIL: drop cascades to table testns.t1
2804 drop cascades to table testns.t2
2805 drop cascades to function testns.priv_testfunc(integer)
2806 drop cascades to function testns.priv_testagg(integer)
2807 drop cascades to function testns.priv_testproc(integer)
2808 -- Change owner of the schema & and rename of new schema owner
2809 \c -
2810 CREATE ROLE regress_schemauser1 superuser login;
2811 CREATE ROLE regress_schemauser2 superuser login;
2812 SET SESSION ROLE regress_schemauser1;
2813 CREATE SCHEMA testns;
2814 SELECT nspname, rolname FROM pg_namespace, pg_roles WHERE pg_namespace.nspname = 'testns' AND pg_namespace.nspowner = pg_roles.oid;
2815 nspname | rolname
2816 ---------+---------------------
2817 testns | regress_schemauser1
2818 (1 row)
2820 ALTER SCHEMA testns OWNER TO regress_schemauser2;
2821 ALTER ROLE regress_schemauser2 RENAME TO regress_schemauser_renamed;
2822 SELECT nspname, rolname FROM pg_namespace, pg_roles WHERE pg_namespace.nspname = 'testns' AND pg_namespace.nspowner = pg_roles.oid;
2823 nspname | rolname
2824 ---------+----------------------------
2825 testns | regress_schemauser_renamed
2826 (1 row)
2828 set session role regress_schemauser_renamed;
2829 DROP SCHEMA testns CASCADE;
2830 -- clean up
2831 \c -
2832 DROP ROLE regress_schemauser1;
2833 DROP ROLE regress_schemauser_renamed;
2834 -- test that dependent privileges are revoked (or not) properly
2835 \c -
2836 set session role regress_priv_user1;
2837 create table dep_priv_test (a int);
2838 grant select on dep_priv_test to regress_priv_user2 with grant option;
2839 grant select on dep_priv_test to regress_priv_user3 with grant option;
2840 set session role regress_priv_user2;
2841 grant select on dep_priv_test to regress_priv_user4 with grant option;
2842 set session role regress_priv_user3;
2843 grant select on dep_priv_test to regress_priv_user4 with grant option;
2844 set session role regress_priv_user4;
2845 grant select on dep_priv_test to regress_priv_user5;
2846 \dp dep_priv_test
2847 Access privileges
2848 Schema | Name | Type | Access privileges | Column privileges | Policies
2849 --------+---------------+-------+------------------------------------------------+-------------------+----------
2850 public | dep_priv_test | table | regress_priv_user1=arwdDxtm/regress_priv_user1+| |
2851 | | | regress_priv_user2=r*/regress_priv_user1 +| |
2852 | | | regress_priv_user3=r*/regress_priv_user1 +| |
2853 | | | regress_priv_user4=r*/regress_priv_user2 +| |
2854 | | | regress_priv_user4=r*/regress_priv_user3 +| |
2855 | | | regress_priv_user5=r/regress_priv_user4 | |
2856 (1 row)
2858 set session role regress_priv_user2;
2859 revoke select on dep_priv_test from regress_priv_user4 cascade;
2860 \dp dep_priv_test
2861 Access privileges
2862 Schema | Name | Type | Access privileges | Column privileges | Policies
2863 --------+---------------+-------+------------------------------------------------+-------------------+----------
2864 public | dep_priv_test | table | regress_priv_user1=arwdDxtm/regress_priv_user1+| |
2865 | | | regress_priv_user2=r*/regress_priv_user1 +| |
2866 | | | regress_priv_user3=r*/regress_priv_user1 +| |
2867 | | | regress_priv_user4=r*/regress_priv_user3 +| |
2868 | | | regress_priv_user5=r/regress_priv_user4 | |
2869 (1 row)
2871 set session role regress_priv_user3;
2872 revoke select on dep_priv_test from regress_priv_user4 cascade;
2873 \dp dep_priv_test
2874 Access privileges
2875 Schema | Name | Type | Access privileges | Column privileges | Policies
2876 --------+---------------+-------+------------------------------------------------+-------------------+----------
2877 public | dep_priv_test | table | regress_priv_user1=arwdDxtm/regress_priv_user1+| |
2878 | | | regress_priv_user2=r*/regress_priv_user1 +| |
2879 | | | regress_priv_user3=r*/regress_priv_user1 | |
2880 (1 row)
2882 set session role regress_priv_user1;
2883 drop table dep_priv_test;
2884 -- clean up
2885 \c
2886 drop sequence x_seq;
2887 DROP AGGREGATE priv_testagg1(int);
2888 DROP FUNCTION priv_testfunc2(int);
2889 DROP FUNCTION priv_testfunc4(boolean);
2890 DROP PROCEDURE priv_testproc1(int);
2891 DROP VIEW atestv0;
2892 DROP VIEW atestv1;
2893 DROP VIEW atestv2;
2894 -- this should cascade to drop atestv4
2895 DROP VIEW atestv3 CASCADE;
2896 NOTICE: drop cascades to view atestv4
2897 -- this should complain "does not exist"
2898 DROP VIEW atestv4;
2899 ERROR: view "atestv4" does not exist
2900 DROP TABLE atest1;
2901 DROP TABLE atest2;
2902 DROP TABLE atest3;
2903 DROP TABLE atest4;
2904 DROP TABLE atest5;
2905 DROP TABLE atest6;
2906 DROP TABLE atestc;
2907 DROP TABLE atestp1;
2908 DROP TABLE atestp2;
2909 SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
2910 lo_unlink
2911 -----------
2912 1
2913 1
2914 1
2915 1
2916 1
2917 (5 rows)
2919 DROP GROUP regress_priv_group1;
2920 DROP GROUP regress_priv_group2;
2921 -- these are needed to clean up permissions
2922 REVOKE USAGE ON LANGUAGE sql FROM regress_priv_user1;
2923 DROP OWNED BY regress_priv_user1;
2924 DROP USER regress_priv_user1;
2925 DROP USER regress_priv_user2;
2926 DROP USER regress_priv_user3;
2927 DROP USER regress_priv_user4;
2928 DROP USER regress_priv_user5;
2929 DROP USER regress_priv_user6;
2930 DROP USER regress_priv_user7;
2931 DROP USER regress_priv_user8; -- does not exist
2932 ERROR: role "regress_priv_user8" does not exist
2933 -- permissions with LOCK TABLE
2934 CREATE USER regress_locktable_user;
2935 CREATE TABLE lock_table (a int);
2936 -- LOCK TABLE and SELECT permission
2937 GRANT SELECT ON lock_table TO regress_locktable_user;
2938 SET SESSION AUTHORIZATION regress_locktable_user;
2939 BEGIN;
2940 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
2941 COMMIT;
2942 BEGIN;
2943 LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should fail
2944 ERROR: permission denied for table lock_table
2945 ROLLBACK;
2946 BEGIN;
2947 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should fail
2948 ERROR: permission denied for table lock_table
2949 ROLLBACK;
2950 \c
2951 REVOKE SELECT ON lock_table FROM regress_locktable_user;
2952 -- LOCK TABLE and INSERT permission
2953 GRANT INSERT ON lock_table TO regress_locktable_user;
2954 SET SESSION AUTHORIZATION regress_locktable_user;
2955 BEGIN;
2956 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
2957 ROLLBACK;
2958 BEGIN;
2959 LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
2960 COMMIT;
2961 BEGIN;
2962 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should fail
2963 ERROR: permission denied for table lock_table
2964 ROLLBACK;
2965 \c
2966 REVOKE INSERT ON lock_table FROM regress_locktable_user;
2967 -- LOCK TABLE and UPDATE permission
2968 GRANT UPDATE ON lock_table TO regress_locktable_user;
2969 SET SESSION AUTHORIZATION regress_locktable_user;
2970 BEGIN;
2971 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
2972 ROLLBACK;
2973 BEGIN;
2974 LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
2975 COMMIT;
2976 BEGIN;
2977 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
2978 COMMIT;
2979 \c
2980 REVOKE UPDATE ON lock_table FROM regress_locktable_user;
2981 -- LOCK TABLE and DELETE permission
2982 GRANT DELETE ON lock_table TO regress_locktable_user;
2983 SET SESSION AUTHORIZATION regress_locktable_user;
2984 BEGIN;
2985 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
2986 ROLLBACK;
2987 BEGIN;
2988 LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
2989 COMMIT;
2990 BEGIN;
2991 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
2992 COMMIT;
2993 \c
2994 REVOKE DELETE ON lock_table FROM regress_locktable_user;
2995 -- LOCK TABLE and TRUNCATE permission
2996 GRANT TRUNCATE ON lock_table TO regress_locktable_user;
2997 SET SESSION AUTHORIZATION regress_locktable_user;
2998 BEGIN;
2999 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
3000 ROLLBACK;
3001 BEGIN;
3002 LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
3003 COMMIT;
3004 BEGIN;
3005 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
3006 COMMIT;
3007 \c
3008 REVOKE TRUNCATE ON lock_table FROM regress_locktable_user;
3009 -- LOCK TABLE and MAINTAIN permission
3010 GRANT MAINTAIN ON lock_table TO regress_locktable_user;
3011 SET SESSION AUTHORIZATION regress_locktable_user;
3012 BEGIN;
3013 LOCK TABLE lock_table IN ACCESS SHARE MODE; -- should pass
3014 ROLLBACK;
3015 BEGIN;
3016 LOCK TABLE lock_table IN ROW EXCLUSIVE MODE; -- should pass
3017 COMMIT;
3018 BEGIN;
3019 LOCK TABLE lock_table IN ACCESS EXCLUSIVE MODE; -- should pass
3020 COMMIT;
3021 \c
3022 REVOKE MAINTAIN ON lock_table FROM regress_locktable_user;
3023 -- clean up
3024 DROP TABLE lock_table;
3025 DROP USER regress_locktable_user;
3026 -- test to check privileges of system views pg_shmem_allocations and
3027 -- pg_backend_memory_contexts.
3028 -- switch to superuser
3029 \c -
3030 CREATE ROLE regress_readallstats;
3031 SELECT has_table_privilege('regress_readallstats','pg_backend_memory_contexts','SELECT'); -- no
3032 has_table_privilege
3033 ---------------------
3034 f
3035 (1 row)
3037 SELECT has_table_privilege('regress_readallstats','pg_shmem_allocations','SELECT'); -- no
3038 has_table_privilege
3039 ---------------------
3040 f
3041 (1 row)
3043 GRANT pg_read_all_stats TO regress_readallstats;
3044 SELECT has_table_privilege('regress_readallstats','pg_backend_memory_contexts','SELECT'); -- yes
3045 has_table_privilege
3046 ---------------------
3047 t
3048 (1 row)
3050 SELECT has_table_privilege('regress_readallstats','pg_shmem_allocations','SELECT'); -- yes
3051 has_table_privilege
3052 ---------------------
3053 t
3054 (1 row)
3056 -- run query to ensure that functions within views can be executed
3057 SET ROLE regress_readallstats;
3058 SELECT COUNT(*) >= 0 AS ok FROM pg_backend_memory_contexts;
3059 ok
3060 ----
3061 t
3062 (1 row)
3064 SELECT COUNT(*) >= 0 AS ok FROM pg_shmem_allocations;
3065 ok
3066 ----
3067 t
3068 (1 row)
3070 RESET ROLE;
3071 -- clean up
3072 DROP ROLE regress_readallstats;
3073 -- test role grantor machinery
3074 CREATE ROLE regress_group;
3075 CREATE ROLE regress_group_direct_manager;
3076 CREATE ROLE regress_group_indirect_manager;
3077 CREATE ROLE regress_group_member;
3078 GRANT regress_group TO regress_group_direct_manager WITH INHERIT FALSE, ADMIN TRUE;
3079 GRANT regress_group_direct_manager TO regress_group_indirect_manager;
3080 SET SESSION AUTHORIZATION regress_group_direct_manager;
3081 GRANT regress_group TO regress_group_member;
3082 SELECT member::regrole::text, CASE WHEN grantor = 10 THEN 'BOOTSTRAP SUPERUSER' ELSE grantor::regrole::text END FROM pg_auth_members WHERE roleid = 'regress_group'::regrole ORDER BY 1, 2;
3083 member | grantor
3084 ------------------------------+------------------------------
3085 regress_group_direct_manager | BOOTSTRAP SUPERUSER
3086 regress_group_member | regress_group_direct_manager
3087 (2 rows)
3089 REVOKE regress_group FROM regress_group_member;
3090 SET SESSION AUTHORIZATION regress_group_indirect_manager;
3091 GRANT regress_group TO regress_group_member;
3092 SELECT member::regrole::text, CASE WHEN grantor = 10 THEN 'BOOTSTRAP SUPERUSER' ELSE grantor::regrole::text END FROM pg_auth_members WHERE roleid = 'regress_group'::regrole ORDER BY 1, 2;
3093 member | grantor
3094 ------------------------------+------------------------------
3095 regress_group_direct_manager | BOOTSTRAP SUPERUSER
3096 regress_group_member | regress_group_direct_manager
3097 (2 rows)
3099 REVOKE regress_group FROM regress_group_member;
3100 RESET SESSION AUTHORIZATION;
3101 DROP ROLE regress_group;
3102 DROP ROLE regress_group_direct_manager;
3103 DROP ROLE regress_group_indirect_manager;
3104 DROP ROLE regress_group_member;
3105 -- test SET and INHERIT options with object ownership changes
3106 CREATE ROLE regress_roleoption_protagonist;
3107 CREATE ROLE regress_roleoption_donor;
3108 CREATE ROLE regress_roleoption_recipient;
3109 CREATE SCHEMA regress_roleoption;
3110 GRANT CREATE, USAGE ON SCHEMA regress_roleoption TO PUBLIC;
3111 GRANT regress_roleoption_donor TO regress_roleoption_protagonist WITH INHERIT TRUE, SET FALSE;
3112 GRANT regress_roleoption_recipient TO regress_roleoption_protagonist WITH INHERIT FALSE, SET TRUE;
3113 SET SESSION AUTHORIZATION regress_roleoption_protagonist;
3114 CREATE TABLE regress_roleoption.t1 (a int);
3115 CREATE TABLE regress_roleoption.t2 (a int);
3116 SET SESSION AUTHORIZATION regress_roleoption_donor;
3117 CREATE TABLE regress_roleoption.t3 (a int);
3118 SET SESSION AUTHORIZATION regress_roleoption_recipient;
3119 CREATE TABLE regress_roleoption.t4 (a int);
3120 SET SESSION AUTHORIZATION regress_roleoption_protagonist;
3121 ALTER TABLE regress_roleoption.t1 OWNER TO regress_roleoption_donor; -- fails, can't be come donor
3122 ERROR: must be able to SET ROLE "regress_roleoption_donor"
3123 ALTER TABLE regress_roleoption.t2 OWNER TO regress_roleoption_recipient; -- works
3124 ALTER TABLE regress_roleoption.t3 OWNER TO regress_roleoption_protagonist; -- works
3125 ALTER TABLE regress_roleoption.t4 OWNER TO regress_roleoption_protagonist; -- fails, we don't inherit from recipient
3126 ERROR: must be owner of table t4
3127 RESET SESSION AUTHORIZATION;
3128 DROP TABLE regress_roleoption.t1;
3129 DROP TABLE regress_roleoption.t2;
3130 DROP TABLE regress_roleoption.t3;
3131 DROP TABLE regress_roleoption.t4;
3132 DROP SCHEMA regress_roleoption;
3133 DROP ROLE regress_roleoption_protagonist;
3134 DROP ROLE regress_roleoption_donor;
3135 DROP ROLE regress_roleoption_recipient;
3136 -- MAINTAIN
3137 CREATE ROLE regress_no_maintain;
3138 CREATE ROLE regress_maintain;
3139 CREATE ROLE regress_maintain_all IN ROLE pg_maintain;
3140 CREATE TABLE maintain_test (a INT);
3141 CREATE INDEX ON maintain_test (a);
3142 GRANT MAINTAIN ON maintain_test TO regress_maintain;
3143 CREATE MATERIALIZED VIEW refresh_test AS SELECT 1;
3144 GRANT MAINTAIN ON refresh_test TO regress_maintain;
3145 CREATE SCHEMA reindex_test;
3146 -- negative tests; should fail
3147 SET ROLE regress_no_maintain;
3148 VACUUM maintain_test;
3149 WARNING: permission denied to vacuum "maintain_test", skipping it
3150 ANALYZE maintain_test;
3151 WARNING: permission denied to analyze "maintain_test", skipping it
3152 VACUUM (ANALYZE) maintain_test;
3153 WARNING: permission denied to vacuum "maintain_test", skipping it
3154 CLUSTER maintain_test USING maintain_test_a_idx;
3155 ERROR: permission denied for table maintain_test
3156 REFRESH MATERIALIZED VIEW refresh_test;
3157 ERROR: permission denied for materialized view refresh_test
3158 REINDEX TABLE maintain_test;
3159 ERROR: permission denied for table maintain_test
3160 REINDEX INDEX maintain_test_a_idx;
3161 ERROR: permission denied for index maintain_test_a_idx
3162 REINDEX SCHEMA reindex_test;
3163 ERROR: must be owner of schema reindex_test
3164 RESET ROLE;
3165 SET ROLE regress_maintain;
3166 VACUUM maintain_test;
3167 ANALYZE maintain_test;
3168 VACUUM (ANALYZE) maintain_test;
3169 CLUSTER maintain_test USING maintain_test_a_idx;
3170 REFRESH MATERIALIZED VIEW refresh_test;
3171 REINDEX TABLE maintain_test;
3172 REINDEX INDEX maintain_test_a_idx;
3173 REINDEX SCHEMA reindex_test;
3174 ERROR: must be owner of schema reindex_test
3175 RESET ROLE;
3176 SET ROLE regress_maintain_all;
3177 VACUUM maintain_test;
3178 ANALYZE maintain_test;
3179 VACUUM (ANALYZE) maintain_test;
3180 CLUSTER maintain_test USING maintain_test_a_idx;
3181 REFRESH MATERIALIZED VIEW refresh_test;
3182 REINDEX TABLE maintain_test;
3183 REINDEX INDEX maintain_test_a_idx;
3184 REINDEX SCHEMA reindex_test;
3185 RESET ROLE;
3186 DROP TABLE maintain_test;
3187 DROP MATERIALIZED VIEW refresh_test;
3188 DROP SCHEMA reindex_test;
3189 DROP ROLE regress_no_maintain;
3190 DROP ROLE regress_maintain;
3191 DROP ROLE regress_maintain_all;