database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-09-02 04:21:28 +03:00
Code Activity

Relax INSERT privilege requirement for CTAS and matviews WITH NO DATA

Browse Source 
When specified, WITH NO DATA does not insert any data into the relation
created, so skip checking for the insert permissions.  With WITH DATA or
WITH NO DATA, it is always required for the user to have CREATE
privileges on the schema targeted for the relation.

Note that plain CREATE TABLE AS or CREATE MATERIALIZED VIEW queries have
begun to work accidentally without INSERT privilege checks as of
874fe3ae, while using EXECUTE or EXPLAIN ANALYZE would fail with the ACL
check, so this makes the behavior for all the command flavors consistent
with each other.  This is arguably a bug fix, but there have been no
complaints about the current behavior either so stable branches are not
changed.

While on it, document properly the privileges requirements for each
commands with more tests for all the scenarios possible, and avoid a
useless bulk-insert allocation when using WITH NO DATA.

Author: Bharath Rupireddy
Reviewed-by: Anastasia Lubennikova, Michael Paquier
Discussion: https://postgr.es/m/CALj2ACWc3N8j0_9nMPz9wcAUnVcdKHzFdDZJ3hVFNEbqtcyG9w@mail.gmail.com
This commit is contained in:
Michael Paquier
2020-11-16 11:52:40 +09:00
parent 29d29d652f
commit 846005e4f3
7 changed files with 212 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
doc/src/sgml/ref/create_materialized_view.sgml
View File

@@ -48,6 +48,13 @@ CREATE MATERIALIZED VIEW [ IF NOT EXISTS ] <replaceable>table_name</replaceable>
A materialized view has many of the same properties as a table, but there
is no support for temporary materialized views.
</para>
<para>
<command>CREATE MATERIALIZED VIEW</command> requires
<literal>CREATE</literal> privilege on the schema used for the materialized
view. If using <command>WITH DATA</command>, the default,
<literal>INSERT</literal> privilege is also required.
</para>
</refsect1>
<refsect1>

7
doc/src/sgml/ref/create_table_as.sgml
View File

@@ -53,6 +53,13 @@ CREATE [ [ GLOBAL | LOCAL ] { TEMPORARY | TEMP } | UNLOGGED ] TABLE [ IF NOT EXI
defining <command>SELECT</command> statement whenever it is
queried.
</para>
<para>
<command>CREATE TABLE AS</command> requires <literal>CREATE</literal>
privilege on the schema used for the table. If using
<command>WITH DATA</command>, the default, <literal>INSERT</literal>
privilege is also required.
</para>
</refsect1>
<refsect1>