diff options
| author | Bruce Momjian <bruce@momjian.us> | 2000-06-09 15:51:02 +0000 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2000-06-09 15:51:02 +0000 |
| commit | 85add42a570cdb4be2d674e62535eb54b4dcd5cf (patch) | |
| tree | dbf157f4e38ff97df572bda2244d7280338bf541 /src/backend/commands/command.c | |
| parent | a672e9650abcc9a08df06dd075a884543f3d87f3 (diff) | |
| download | postgresql-85add42a570cdb4be2d674e62535eb54b4dcd5cf.tar.gz postgresql-85add42a570cdb4be2d674e62535eb54b4dcd5cf.zip | |
I have large database and with this DB work more users and I very need
more restriction for fretful users. The current PG allow define only
NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need
NO-CREATE-TABLE and NO-LOCK-TABLE.
This patch add to current code NOCREATETABLE and NOLOCKTABLE feature:
CREATE USER username
[ WITH
[ SYSID uid ]
[ PASSWORD 'password' ] ]
[ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
-> [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ]
...etc.
If CREATETABLE or LOCKTABLE is not specific in CREATE USER command,
as default is set CREATETABLE or LOCKTABLE (true).
A user with NOCREATETABLE restriction can't call CREATE TABLE or
SELECT INTO commands, only create temp table is allow for him.
Karel
Diffstat (limited to 'src/backend/commands/command.c')
| -rw-r--r-- | src/backend/commands/command.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/backend/commands/command.c b/src/backend/commands/command.c index 38cee644b22..48d2b4cbc34 100644 --- a/src/backend/commands/command.c +++ b/src/backend/commands/command.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.77 2000/06/04 22:04:32 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.78 2000/06/09 15:50:43 momjian Exp $ * * NOTES * The PortalExecutorHeapMemory crap needs to be eliminated @@ -30,6 +30,7 @@ #include "commands/command.h" #include "executor/spi.h" #include "catalog/heap.h" +#include "catalog/pg_shadow.h" #include "miscadmin.h" #include "optimizer/prep.h" #include "utils/acl.h" @@ -1211,6 +1212,21 @@ LockTableCommand(LockStmt *lockstmt) { Relation rel; int aclresult; + HeapTuple tup; + + + /* ---------- + * Check pg_shadow for global lock setting + * ---------- + */ + tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0); + + if (!HeapTupleIsValid(tup)) + elog(ERROR, "LOCK TABLE: look at pg_shadow failed"); + + if (!((Form_pg_shadow) GETSTRUCT(tup))->uselocktable) + elog(ERROR, "LOCK TABLE: permission denied"); + rel = heap_openr(lockstmt->relname, NoLock); if (!RelationIsValid(rel)) |