sql: implement privilege-related built-ins. #22734
@jordanlewis mentioned the need for |
That's needed for #15441. |
Related to #20784 as well. @jordanlewis we can probably close that in favor of this issue. I mocked out |
nvanbenschoten added a commit to nvanbenschoten/cockroach that referenced this issue Mar 3, 2018
Fixes cockroachdb#22734.
Fixes cockroachdb#20784.
Relates to cockroachdb#15441.

This change introduces a series of Postgres-compatible privilege-related builtin functions:

- `has_any_column_privilege`
- `has_column_privilege`
- `has_database_privilege`
- `has_foreign_data_wrapper_privilege`
- `has_function_privilege`
- `has_language_privilege`
- `has_schema_privilege`
- `has_sequence_privilege`
- `has_server_privilege`
- `has_table_privilege`
- `has_tablespace_privilege`
- `has_type_privilege`
- `pg_has_role` (_coming soon!_)

These all follow the specification documented by Postgres in: https://www.postgresql.org/docs/8.4/static/functions-info.html#FUNCTIONS-INFO-ACCESS-TABLE

These Access Privilege Inquiry Functions allow users to query object access privileges programmatically. Each function has a number of variants, which differ based on their function signatures. These signatures have the following structure:

```
- optional "user" argument
  - if used, can be a STRING or an OID type
  - if not used, current_user is assumed
- series of one or more object specifier arguments
  - each can accept multiple types
- a "privilege" argument
  - must be a STRING
  - parsed as a comma-separated list of privilege
```

This means that in total, each function has at least 6 variants.

The main reason for adding these builtins in is because they were the last remaining issue that was blocking full compatibility with pgweb. Pgweb is a web-based database browser written in Go, which means that it can run on OSX, Linux and Windows machines!

Release note (sql change): Introduces a series of Postgres-compatible privilege-related builtin functions.
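The argument handling described in the commit message above, as an added Go model (not CockroachDB's implementation): the omitted user falls back to the current user, and the comma-separated privilege list is true if any listed privilege is held, which is the behaviour the linked Postgres documentation specifies. The `grants` type, the function names and the sample ACL are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// grants is a constructed ACL: user -> table -> set of held privileges.
type grants map[string]map[string]map[string]bool

// validTablePrivs lists the table-level privilege names this model accepts.
var validTablePrivs = map[string]bool{"SELECT": true, "INSERT": true, "UPDATE": true, "DELETE": true}

// parsePrivileges splits the comma-separated "privilege" argument, trims and
// upper-cases each name, and rejects unknown names instead of ignoring them.
func parsePrivileges(arg string) ([]string, error) {
	var out []string
	for _, p := range strings.Split(arg, ",") {
		name := strings.ToUpper(strings.TrimSpace(p))
		if !validTablePrivs[name] {
			return nil, fmt.Errorf("unrecognized privilege type: %q", p)
		}
		out = append(out, name)
	}
	return out, nil
}

// hasTablePrivilege models has_table_privilege([user,] table, privilege).
// An empty user stands for the omitted argument; ANY held privilege yields true.
func hasTablePrivilege(g grants, currentUser, user, table, privArg string) (bool, error) {
	if user == "" {
		user = currentUser
	}
	privs, err := parsePrivileges(privArg)
	if err != nil {
		return false, err
	}
	for _, p := range privs {
		if g[user][table][p] {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	g := grants{"app": {"orders": {"SELECT": true}}} // constructed sample ACL
	ok, _ := hasTablePrivilege(g, "app", "", "orders", "select, DELETE")
	fmt.Println(ok) // SELECT alone satisfies the list
}
```

An audit query that needs every privilege in a set has to call the function once per privilege and AND the results; a single call with a list only answers "at least one".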
nvanbenschoten added a commit to nvanbenschoten/cockroach that referenced this issue Mar 14, 2018
craig bot pushed a commit that referenced this issue Sep 16, 2021
69939: sql: implement pg_has_role r=nvanbenschoten a=nvanbenschoten

Needed for #69010.
Related to #22734.

This commit implements the `pg_has_role` builtin function. `pg_has_role` returns whether the user has privileges for a specified role or not. Allowable privilege types are MEMBER and USAGE. MEMBER denotes direct or indirect membership in the role (that is, the right to do SET ROLE), while USAGE denotes whether the privileges of the role are immediately available without doing SET ROLE.

`pg_has_role` was the last remaining unimplemented "access privilege inquiry functions", and was omitted from 94c25be because our role-based access control system was not mature enough to support it at the time.

The commit also makes a small modification to `pg_catalog.pg_roles` and `pg_catalog.pg_authid` to reflect the fact that all users and roles inherit the privileges of roles they are members of.

Release note (sql change): The pg_has_role builtin function is now supported, which returns whether a given user has privileges for a specified role or not.

Release justification: None, waiting for v22.1.

Co-authored-by: Nathan VanBenschoten <nvanbenschoten@gmail.com>
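The MEMBER/USAGE distinction from the commit message above, as an added Go model (not CockroachDB's code): MEMBER follows every membership edge, while USAGE stops at roles that do not inherit, following the Postgres inherit attribute. The `role` type, the function names and the catalog are hypothetical; since the commit states that all CockroachDB users and roles inherit, setting `inherit` to true everywhere makes the two answers coincide.

```go
package main

import "fmt"

// role is a constructed catalog entry: direct memberships plus the inherit flag.
type role struct {
	memberOf []string
	inherit  bool
}

// reaches walks membership edges from user towards target. With needInherit set
// it does not expand roles whose inherit flag is false. seen guards against cycles.
func reaches(cat map[string]role, user, target string, needInherit bool) bool {
	seen := map[string]bool{}
	stack := []string{user}
	for len(stack) > 0 {
		cur := stack[len(stack)-1]
		stack = stack[:len(stack)-1]
		if cur == target {
			return true
		}
		if seen[cur] || (needInherit && !cat[cur].inherit) {
			continue
		}
		seen[cur] = true
		stack = append(stack, cat[cur].memberOf...)
	}
	return false
}

// pgHasRole models pg_has_role(user, role, privilege) for MEMBER and USAGE.
func pgHasRole(cat map[string]role, user, target, priv string) (bool, error) {
	if priv != "MEMBER" && priv != "USAGE" {
		return false, fmt.Errorf("unrecognized privilege type: %q", priv)
	}
	return reaches(cat, user, target, priv == "USAGE"), nil
}

func main() {
	// Constructed catalog: alice -> dev -> admin, with alice not inheriting.
	cat := map[string]role{
		"alice": {memberOf: []string{"dev"}, inherit: false},
		"dev":   {memberOf: []string{"admin"}, inherit: true},
		"admin": {inherit: true},
	}
	m, _ := pgHasRole(cat, "alice", "admin", "MEMBER")
	u, _ := pgHasRole(cat, "alice", "admin", "USAGE")
	fmt.Println(m, u) // indirect member, but privileges need SET ROLE
}
```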
The postgresql list is: https://www.postgresql.org/docs/8.4/static/functions-info.html#FUNCTIONS-INFO-ACCESS-TABLE
Obviously some do not apply to us, but we could easily implement table/schema/role related functions.