Skip to content

Commit

Permalink
Improve default and empty privilege outputs in psql.
Browse files Browse the repository at this point in the history 
Default privileges are represented as NULL::aclitem[] in catalog ACL
columns, while revoking all privileges leaves an empty aclitem[].
These two cases used to produce identical output in psql meta-commands
like \dp.  Using something like "\pset null '(default)'" as a
workaround for spotting the difference did not work, because null
values were always displayed as empty strings by describe.c's
meta-commands.

This patch improves that with two changes:

1. Print "(none)" for empty privileges so that the user is able to
   distinguish them from default privileges, even without special
   workarounds.

2. Remove the special handling of null values in describe.c,
   so that "\pset null" is honored like everywhere else.
   (This affects all output from these commands, not only ACLs.)

The privileges shown by \dconfig+ and \ddp as well as the column
privileges shown by \dp are not affected by change #1, because the
respective aclitem[] is reset to NULL or deleted from the catalog
instead of leaving an empty array.

Erik Wienhold and Laurenz Albe

Discussion: https://postgr.es/m/1966228777.127452.1694979110595@office.mailbox.org
  • Loading branch information
@tglsfdc
tglsfdc committed Nov 13, 2023
1 parent bd86407 commit d1379eb
Show file tree
Hide file tree
Showing 4 changed files with 115 additions and 45 deletions.
16 changes: 15 additions & 1 deletion doc/src/sgml/ddl.sgml
View file
Expand Up @@ -1737,6 +1737,11 @@ ALTER TABLE products RENAME TO items;
<primary>ACL</primary>
</indexterm>

<indexterm zone="ddl-priv-default">
<primary>privilege</primary>
<secondary>default</secondary>
</indexterm>

<para>
When an object is created, it is assigned an owner. The
owner is normally the role that executed the creation statement.
Expand Down Expand Up @@ -2049,7 +2054,7 @@ REVOKE ALL ON accounts FROM PUBLIC;
reference page of the respective command.
</para>

<para>
<para id="ddl-priv-default">
PostgreSQL grants privileges on some types of objects to
<literal>PUBLIC</literal> by default when the objects are created.
No privileges are granted to <literal>PUBLIC</literal> by default on
Expand Down Expand Up @@ -2375,6 +2380,15 @@ GRANT SELECT (col1), UPDATE (col1) ON mytable TO miriam_rw;
access privileges display. A <literal>*</literal> will appear only when
grant options have been explicitly granted to someone.
</para>

<para>
The <quote>Access privileges</quote> column
shows <literal>(none)</literal> when the object's privileges entry is
non-null but empty. This means that no privileges are granted at all,
even to the object's owner &mdash; a rare situation. (The owner still
has implicit grant options in this case, and so could re-grant her own
privileges; but she has none at the moment.)
</para>
</sect1>

<sect1 id="ddl-rowsecurity">
Expand Down

0 comments on commit d1379eb

Please sign in to comment.