From b167d57d5af09527af61952296f1db8761cbee38 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Sun, 12 Feb 2017 16:03:41 -0500 Subject: [PATCH] Ignore tablespace ACLs when ignoring schema ACLs. The ALTER TABLE ALTER TYPE implementation can issue DROP INDEX and CREATE INDEX to refit existing indexes for the new column type. Since this CREATE INDEX is an implementation detail of an index alteration, the ensuing DefineIndex() should skip ACL checks specific to index creation. It already skips the namespace ACL check. Make it skip the tablespace ACL check, too. Back-patch to 9.2 (all supported versions). Reviewed by Tom Lane. --- src/backend/commands/indexcmds.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/backend/commands/indexcmds.c b/src/backend/commands/indexcmds.c index 1b5bf474a1c..fb51a793643 100644 --- a/src/backend/commands/indexcmds.c +++ b/src/backend/commands/indexcmds.c @@ -285,8 +285,8 @@ CheckIndexCompatible(Oid oldId, * 'indexRelationId': normally InvalidOid, but during bootstrap can be * nonzero to specify a preselected OID for the index. * 'is_alter_table': this is due to an ALTER rather than a CREATE operation. - * 'check_rights': check for CREATE rights in the namespace. (This should - * be true except when ALTER is deleting/recreating an index.) + * 'check_rights': check for CREATE rights in namespace and tablespace. (This + * should be true except when ALTER is deleting/recreating an index.) * 'skip_build': make the catalog entries but leave the index file empty; * it will be filled later. * 'quiet': suppress the NOTICE chatter ordinarily provided for constraints. @@ -421,8 +421,9 @@ DefineIndex(Oid relationId, /* note InvalidOid is OK in this case */ } - /* Check permissions except when using database's default */ - if (OidIsValid(tablespaceId) && tablespaceId != MyDatabaseTableSpace) + /* Check tablespace permissions */ + if (check_rights && + OidIsValid(tablespaceId) && tablespaceId != MyDatabaseTableSpace) { AclResult aclresult;