Fix pg_init_privs objsubid handling

pg_init_privs can have multiple entries per relation if the relation has per column privileges. An objsubid different from 0 means that the entry is for a column privilege. Since we do not currently restore column privileges we have to ignore those rows otherwise the update script will fail when tables with column privileges are present.
timescale · Jun 15, 2021 · 02012b4 · 02012b4
1 parent e5837a5
commit 02012b4
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 4 deletions.
diff --git a/sql/updates/post-update.sql b/sql/updates/post-update.sql
@@ -55,13 +55,14 @@ ON CONFLICT DO NOTHING;
 WITH to_update AS (
      SELECT objoid, tmpini
      FROM pg_class cl JOIN pg_namespace ns ON ns.oid = relnamespace
-   		      JOIN pg_init_privs ip ON ip.objoid = cl.oid
+		      JOIN pg_init_privs ip ON ip.objoid = cl.oid AND ip.objsubid = 0
 		      JOIN saved_privs ON tmpnsp = nspname AND tmpname = relname)
 UPDATE pg_init_privs
    SET initprivs = tmpini
   FROM to_update
  WHERE to_update.objoid = pg_init_privs.objoid
-   AND classoid = 'pg_class'::regclass;
+   AND classoid = 'pg_class'::regclass
+   AND objsubid = 0;
 
 -- Can only restore permissions on views after they have been rebuilt,
 -- so we restore for all types of objects here.

diff --git a/sql/updates/pre-update.sql b/sql/updates/pre-update.sql
@@ -42,7 +42,7 @@ CREATE TABLE saved_privs(
 INSERT INTO saved_privs
 SELECT nspname, relname, relacl, initprivs
   FROM pg_class cl JOIN pg_namespace ns ON ns.oid = relnamespace
-                   JOIN pg_init_privs ip ON ip.objoid = cl.oid
+                   JOIN pg_init_privs ip ON ip.objoid = cl.oid AND ip.objsubid = 0
 WHERE nspname IN ('_timescaledb_catalog', '_timescaledb_config')
    OR nspname = '_timescaledb_internal'
   AND relname IN ('hypertable_chunk_local_size', 'compressed_chunk_stats',

diff --git a/test/sql/updates/post.catalog.sql b/test/sql/updates/post.catalog.sql
@@ -21,7 +21,7 @@ SELECT nspname AS schema,
        relname AS name,
        unnest(initprivs)::text AS initpriv
 FROM pg_class cl JOIN pg_namespace ns ON ns.oid = relnamespace
-            LEFT JOIN pg_init_privs ON objoid = cl.oid
+            LEFT JOIN pg_init_privs ON objoid = cl.oid AND objsubid = 0
 WHERE classoid = 'pg_class'::regclass
   AND nspname IN ('_timescaledb_catalog', '_timescaledb_config')
 ORDER BY schema, name, initpriv;