From ed6eb5aba8547af538c29a27e739ce53a990a063 Mon Sep 17 00:00:00 2001 From: Sven Klemm Date: Thu, 21 Jul 2022 23:22:31 +0200 Subject: [PATCH] Fix chunk creation on hypertables with non-default statistics When triggering chunk creation on a hypertable with non-default statistics targets by a user different from the hypertable owner the chunk creation will fail with a permission error. This patch changes the chunk table creation to run the attribute modification as the table owner. Fixes #4474 --- src/chunk.c | 14 ++++++++++++-- test/expected/alter.out | 20 ++++++++++++++++++++ test/sql/alter.sql | 19 +++++++++++++++++++ 3 files changed, 51 insertions(+), 2 deletions(-) diff --git a/src/chunk.c b/src/chunk.c index 05cc6824cc9..189e98b7f5d 100644 --- a/src/chunk.c +++ b/src/chunk.c @@ -890,6 +890,12 @@ ts_chunk_create_table(const Chunk *chunk, const Hypertable *ht, const char *tabl */ create_toast_table(&stmt.base, objaddr.objectId); + /* + * Some options require being table owner to set for example statistics + * so we have to set them before restoring security context + */ + set_attoptions(rel, objaddr.objectId); + if (uid != saved_uid) SetUserIdAndSecContext(saved_uid, sec_ctx); } @@ -914,6 +920,12 @@ ts_chunk_create_table(const Chunk *chunk, const Hypertable *ht, const char *tabl /* Create the foreign table catalog information */ CreateForeignTable(&stmt, objaddr.objectId); + /* + * Some options require being table owner to set for example statistics + * so we have to set them before restoring security context + */ + set_attoptions(rel, objaddr.objectId); + /* * Need to restore security context to execute remote commands as the * original user @@ -930,8 +942,6 @@ ts_chunk_create_table(const Chunk *chunk, const Hypertable *ht, const char *tabl else elog(ERROR, "invalid relkind \"%c\" when creating chunk", chunk->relkind); - set_attoptions(rel, objaddr.objectId); - table_close(rel, AccessShareLock); return objaddr.objectId; diff --git a/test/expected/alter.out b/test/expected/alter.out index b6a469d3f3d..e62c83516c9 100644 --- a/test/expected/alter.out +++ b/test/expected/alter.out @@ -769,3 +769,23 @@ CREATE VIEW v1 AS SELECT random(); ALTER VIEW v1 SET (autovacuum_enabled = false); ERROR: unrecognized parameter "autovacuum_enabled" \set ON_ERROR_STOP 1 +-- issue 4474 +-- test hypertable with non-default statistics target +-- and chunk creation triggered by non-owner +CREATE ROLE role_4474; +CREATE TABLE i4474(time timestamptz NOT NULL); +SELECT table_name FROM public.create_hypertable( 'i4474', 'time'); + table_name +------------ + i4474 +(1 row) + +GRANT SELECT, INSERT on i4474 TO role_4474; +-- create chunk as owner +INSERT INTO i4474 SELECT '2020-01-01'; +-- set statistics +ALTER TABLE i4474 ALTER COLUMN time SET statistics 10; +-- create chunk as non-owner +SET ROLE role_4474; +INSERT INTO i4474 SELECT '2021-01-01'; +RESET ROLE; diff --git a/test/sql/alter.sql b/test/sql/alter.sql index 888ac579a61..14cb3527df0 100644 --- a/test/sql/alter.sql +++ b/test/sql/alter.sql @@ -428,3 +428,22 @@ CREATE VIEW v1 AS SELECT random(); ALTER VIEW v1 SET (autovacuum_enabled = false); \set ON_ERROR_STOP 1 +-- issue 4474 +-- test hypertable with non-default statistics target +-- and chunk creation triggered by non-owner +CREATE ROLE role_4474; +CREATE TABLE i4474(time timestamptz NOT NULL); +SELECT table_name FROM public.create_hypertable( 'i4474', 'time'); +GRANT SELECT, INSERT on i4474 TO role_4474; + +-- create chunk as owner +INSERT INTO i4474 SELECT '2020-01-01'; + +-- set statistics +ALTER TABLE i4474 ALTER COLUMN time SET statistics 10; + +-- create chunk as non-owner +SET ROLE role_4474; +INSERT INTO i4474 SELECT '2021-01-01'; +RESET ROLE; +