
pg16_grant_inherit_set
Jodi-Ann Francis 2023-08-30 15:09:59 -04:00 committed by francisjodi
parent 29dbabbcf3
commit 587718aeae
2 changed files with 73 additions and 22 deletions


@ -408,31 +408,20 @@ AppendRevokeAdminOptionFor(StringInfo buf, GrantRoleStmt *stmt)
{
switch (opt->defname)
{
case "admin":
appendStringInfo(buf, "ADMIN OPTION FOR ");
opt_count++;
break;
case "inherit":
if (opt_count > 0)
{
appendStringInfo(buf, ", ");
}
appendStringInfo(buf, "INHERIT OPTION FOR ");
opt_count++;
break;
case "set":
if (opt_count > 0)
{
appendStringInfo(buf, ", ");
}
appendStringInfo(buf, "SET OPTION FOR ");
opt_count++;
break;
appendStringInfo(buf, "ADMIN OPTION FOR ");
}
else if (strcmp(opt->defname, "inherit") == 0);
{
appendStringInfo(buf, "INHERIT TRUE");
appendStringInfo(buf, "GRANT x TO y WITH INHERIT TRUE, SET TRUE;");
}
else if (strcmp(opt->defname, "set") == 0)
{
appendStringInfo(buf, "SET TRUE");
}
}
}
}
#else
if (!stmt->is_grant && stmt->admin_opt)
{
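Review bot: The line `else if (strcmp(opt->defname, "inherit") == 0);` ends in a stray semicolon, so the braced block after it is no longer guarded by the comparison and the following `else if` for "set" has no `if` to attach to. That block also appends the literal `GRANT x TO y WITH INHERIT TRUE, SET TRUE;` to the buffer, which looks like leftover scaffolding. The +/- markers are lost on this page, but if the strcmp branches are the new side, AppendRevokeAdminOptionFor would emit `INHERIT TRUE` / `SET TRUE` instead of a REVOKE prefix. A revoke of those options would then presumably not deparse to a statement that removes them on the workers, leaving role membership wider there than on the coordinator. I would drop the semicolon and the placeholder line and keep the prefix form, e.g. `appendStringInfo(buf, "INHERIT OPTION FOR ");`; the function starts and ends outside the hunk.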


@ -844,3 +844,65 @@ SELECT result FROM run_command_on_workers
SET client_min_messages TO ERROR;
DROP SCHEMA pg16 CASCADE;
--
-- PG16 allows GRANT WITH ADMIN | INHERIT | SET
--
-- GRANT privileges to a role or roles
\c - - - :master_port
CREATE ROLE create_role;
CREATE ROLE create_role_2;
CREATE ROLE create_role_3;
CREATE ROLE create_role_4;
CREATE USER create_user;
CREATE USER create_user_2;
CREATE GROUP create_group;
CREATE GROUP create_group_2;
--test grant role
GRANT create_group TO create_role;
GRANT create_group TO create_role_2 WITH ADMIN OPTION;
GRANT create_group TO create_role_3 WITH INHERIT;
GRANT create_group TO create_role_4 WITH SET;
-- ADMIN role can perfom administrative tasks
-- role can now access the data and permissions of the table (owner of table)
-- role can change current user to any other user/role that has access
GRANT ADMIN ON DATABASE db_name TO role_name;
GRANT INHERIT ON TABLE table_name TO role_name;
GRANT SET SESSION AUTHORIZATION TO role_name;
SELECT * FROM table_name WHERE column_name = 'value';
SELECT COUNT(*) FROM table_name WHERE column_name = 'value';
--
-- PG16 allows GRANT WITH ADMIN | INHERIT | SET
--
-- GRANT privileges to a role or roles
\c - - - :master_port
CREATE ROLE create_role;
CREATE ROLE create_role_2;
CREATE ROLE create_role_3;
CREATE ROLE create_role_4;
CREATE USER create_user;
CREATE USER create_user_2;
CREATE GROUP create_group;
CREATE GROUP create_group_2;
--test grant role
GRANT create_group TO create_role;
GRANT create_group TO create_role_2 WITH ADMIN OPTION;
GRANT create_group TO create_role_3 WITH INHERIT;
GRANT create_group TO create_role_4 WITH SET;
-- ADMIN role can perfom administrative tasks
-- role can now access the data and permissions of the table (owner of table)
-- role can change current user to any other user/role that has access
GRANT ADMIN ON DATABASE db_name TO role_name;
GRANT INHERIT ON TABLE table_name TO role_name;
GRANT SET SESSION AUTHORIZATION TO role_name;
SELECT * FROM table_name WHERE column_name = 'value';
SELECT COUNT(*) FROM table_name WHERE column_name = 'value';
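Review bot: Nothing in this test checks that the ADMIN / INHERIT / SET membership options actually reach the workers, and REVOKE of those options is not exercised at all, so a wrong deparse would pass unnoticed. A check after the four role grants such as `SELECT result FROM run_command_on_workers($$SELECT count(*) FROM pg_auth_members WHERE roleid = 'create_group'::regrole AND inherit_option$$);` would pin the propagated state. The statements from `GRANT ADMIN ON DATABASE db_name TO role_name;` through the two `SELECT`s on `table_name` use placeholder objects the test never creates, so they can only record errors in the expected output. `WITH INHERIT` and `WITH SET` also appear to lack the `TRUE`/`FALSE` value that the PG16 grammar expects. The block appears twice on this page; unless that is a rendering artifact, the second round of `CREATE ROLE` fails on existing roles, and no `DROP ROLE` cleanup is visible in the hunk.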