database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-12 05:01:15 +03:00
Code Activity

I have large database and with this DB work more users and I very need

Browse Source 
more restriction for fretful users. The current PG allow define only
NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need
NO-CREATE-TABLE and NO-LOCK-TABLE.

This patch add to current code NOCREATETABLE and NOLOCKTABLE feature:

CREATE USER username
    [ WITH
     [ SYSID uid ]
     [ PASSWORD 'password' ] ]
    [ CREATEDB   | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
->  [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ]
    ...etc.

 If CREATETABLE or LOCKTABLE is not specific in CREATE USER command,
as default is set CREATETABLE or LOCKTABLE (true).

 A user with NOCREATETABLE restriction can't call CREATE TABLE or
SELECT INTO commands, only create temp table is allow for him.

                                                Karel
This commit is contained in:
Bruce Momjian
2000-06-09 15:51:02 +00:00
parent a672e9650a
commit 85add42a57
13 changed files with 225 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/backend/tcop/pquery.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.32 2000/06/04 22:08:53 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.33 2000/06/09 15:50:46 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -20,6 +20,9 @@
#include "executor/executor.h"
#include "tcop/pquery.h"
#include "utils/ps_status.h"
#include "catalog/pg_shadow.h"
#include "miscadmin.h"
#include "utils/syscache.h"
static char *CreateOperationTag(int operationType);
static void ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset,
@@ -250,6 +253,23 @@ ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset, Node *limcount)
else if (parseTree->into != NULL)
{
/* select into table */
if (!parseTree->isTemp) {
HeapTuple tup;
/* ----------
* Check pg_shadow for global createTable setting
* ----------
*/
tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
if (!HeapTupleIsValid(tup))
elog(ERROR, "ProcessQueryDesc: look at pg_shadow failed");
if (!((Form_pg_shadow) GETSTRUCT(tup))->usecreatetable)
elog(ERROR, "SELECT INTO TABLE: permission denied");
}
isRetrieveIntoRelation = true;
}