database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00
Code Activity

Add context info to OAT_POST_CREATE security hook

Browse Source 
... and have sepgsql use it to determine whether to check permissions
during certain operations.  Indexes that are being created as a result
of REINDEX, for instance, do not need to have their permissions checked;
they were already checked when the index was created.

Author: KaiGai Kohei, slightly revised by me
This commit is contained in:
Alvaro Herrera
2012-10-23 18:07:26 -03:00
parent 4c9d0901f1
commit f4c4335a4a
16 changed files with 336 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
doc/src/sgml/sepgsql.sgml
View File

@ -449,6 +449,12 @@ UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;
<literal>remove_name</> on the schema.
</para>
<para>
When objects that are subsidiary of other objects (such as a table's indexes
or triggers) are created or dropped, <literal>setattr</> permission will be
checked on the main object, instead of the subsidiary object itself.
</para>
<para>
When <xref linkend="sql-security-label"> is executed, <literal>setattr</>
and <literal>relabelfrom</> will be checked on the object being relabeled