Remove ALTER DEFAULT PRIVILEGES' requirement of schema CREATE permiss… · sqlparser/postgres@1476a94 · GitHub

Commit 1476a94

Remove ALTER DEFAULT PRIVILEGES' requirement of schema CREATE permissions.
Per discussion, this restriction isn't needed for any real security reason, and it seems to confuse people more often than it helps them. It could also result in some database states being unrestorable. So just drop it. Back-patch to 9.0, where ALTER DEFAULT PRIVILEGES was introduced.
1 parent 489be9c commit 1476a94


2 files changed

+14
-16
lines changed

doc/src/sgml/ref/alter_default_privileges.sgml

Lines changed: 2 additions & 2 deletions
@@ -111,8 +111,8 @@ REVOKE [ GRANT OPTION FOR ]
111111
<term><replaceable>schema_name</replaceable></term>
112112
<listitem>
113113
<para>
114-
The name of an existing schema. Each <replaceable>target_role</>
115-
must have <literal>CREATE</> privileges for each specified schema.
114+
The name of an existing schema. If specified, the default privileges
115+
are altered for objects later created in that schema.
116116
If <literal>IN SCHEMA</> is omitted, the global default privileges
117117
are altered.
118118
</para>
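
Review bot: The replacement text at new lines 114-115 drops the CREATE requirement without saying what happens when a target_role lacks CREATE on the named schema. Consider adding a sentence stating that the target role need not hold <literal>CREATE</> on the schema, and that the default privileges only come into play once that role is able to create objects there, which is the behaviour the new comment in aclchk.c describes.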

src/backend/catalog/aclchk.c

Lines changed: 12 additions & 14 deletions
@@ -1028,33 +1028,31 @@ SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
10281028
}
10291029
else
10301030
{
1031-
/* Look up the schema OIDs and do permissions checks */
1031+
/* Look up the schema OIDs and set permissions for each one */
10321032
ListCell *nspcell;
10331033

10341034
foreach(nspcell, nspnames)
10351035
{
10361036
char *nspname = strVal(lfirst(nspcell));
1037-
AclResult aclresult;
10381037

1039-
/*
1040-
* Normally we'd use LookupCreationNamespace here, but it's
1041-
* important to do the permissions check against the target role
1042-
* not the calling user, so write it out in full. We require
1043-
* CREATE privileges, since without CREATE you won't be able to do
1044-
* anything using the default privs anyway.
1045-
*/
10461038
iacls->nspid = GetSysCacheOid1(NAMESPACENAME,
10471039
CStringGetDatum(nspname));
10481040
if (!OidIsValid(iacls->nspid))
10491041
ereport(ERROR,
10501042
(errcode(ERRCODE_UNDEFINED_SCHEMA),
10511043
errmsg("schema \"%s\" does not exist", nspname)));
10521044

1053-
aclresult = pg_namespace_aclcheck(iacls->nspid, iacls->roleid,
1054-
ACL_CREATE);
1055-
if (aclresult != ACLCHECK_OK)
1056-
aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
1057-
nspname);
1045+
/*
1046+
* We used to insist that the target role have CREATE privileges
1047+
* on the schema, since without that it wouldn't be able to create
1048+
* an object for which these default privileges would apply.
1049+
* However, this check proved to be more confusing than helpful,
1050+
* and it also caused certain database states to not be
1051+
* dumpable/restorable, since revoking CREATE doesn't cause
1052+
* default privileges for the schema to go away. So now, we just
1053+
* allow the ALTER; if the user lacks CREATE he'll find out when
1054+
* he tries to create an object.
1055+
*/
10581056

10591057
SetDefaultACL(iacls);
10601058
}
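
Review bot: With the pg_namespace_aclcheck call against iacls->roleid removed from the foreach loop, the only validation left in this loop is the OidIsValid check on the schema lookup, and the commit touches only the SGML page and aclchk.c, so nothing exercises the new behaviour. A regression test that runs ALTER DEFAULT PRIVILEGES IN SCHEMA for a role without CREATE on that schema, plus one that revokes CREATE after defaults have been set, would pin down the dump/restore case the new comment cites. Minor style point: the comment at new lines 1053-1054 could read "if the user lacks CREATE, object creation will fail" instead of "he'll find out when he tries to create an object".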
