-
Notifications
You must be signed in to change notification settings - Fork 546
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement pg_catalog.has_table_privilege #15748
Comments
I've tried out to implement this, and the issue I'm facing is the overload of the function where the user passes
So we create the oid for every schema in the granted (or denied) privileges of the user and we try to match it against the oid passed as argument to the has_schema_privilege function.
|
Less performant but another option could be to regenerate oids for all existing tables in order to find out the oid -> table mapping. |
I don't get what you mean, the hash function is one way. We need to iterate over the table privileges of the user, and for every table listed in the user privileges, produce the oid, and compare it to the oid passed to the hasTablePrivileges() function. |
Since you mentioned that the problem was with the user providing
I also think we could consider reducing the scope. |
the function should work for tables and views:
So if an |
Going over just the privileges of the user, won't work as the oid passed would be of a table (or view) so if the user has privs for the schema of that table (or view) the provided oid won't match anything in the user's privileges, and we will return wrong result. |
It's implemented by #15965, Thanks! |
Problem Statement
Some tools (see labels) rely on this function.
Possible Solutions
Implement it as defined in https://www.postgresql.org/docs/7.3/functions-misc.html
Please note this function has 2 signatures.
Theobald Software (Xtract Universal) uses
(table, access)
Metabase uses
(user, table, access)
Considered Alternatives
Mock them with:
The text was updated successfully, but these errors were encountered: