diff options
| author | Bruce Momjian <bruce@momjian.us> | 2006-01-21 02:16:21 +0000 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2006-01-21 02:16:21 +0000 |
| commit | 4789e9880148660c7126aef4fbaf5563be6ff167 (patch) | |
| tree | 8fb5643fbab6a7c41b36cc19409749df1ddb03ad /src/backend/commands/sequence.c | |
| parent | 33feb55c478af5f7a4c61232729c524d69d8d965 (diff) | |
| download | postgresql-4789e9880148660c7126aef4fbaf5563be6ff167.tar.gz postgresql-4789e9880148660c7126aef4fbaf5563be6ff167.zip | |
Add GRANT ON SEQUENCE syntax to support sequence-only permissions.
Continue to support GRANT ON [TABLE] for sequences for backward
compatibility; issue warning for invalid sequence permissions.
[Backward compatibility warning message.]
Add USAGE permission for sequences that allows only currval() and
nextval(), not setval().
Mention object name in grant/revoke warnings because of possible
multi-object operations.
Diffstat (limited to 'src/backend/commands/sequence.c')
| -rw-r--r-- | src/backend/commands/sequence.c | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/backend/commands/sequence.c b/src/backend/commands/sequence.c index 9c1efe856ce..53244cbedc2 100644 --- a/src/backend/commands/sequence.c +++ b/src/backend/commands/sequence.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/sequence.c,v 1.126 2005/11/22 18:17:09 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/commands/sequence.c,v 1.127 2006/01/21 02:16:18 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -422,7 +422,8 @@ nextval_internal(Oid relid) /* open and AccessShareLock sequence */ init_sequence(relid, &elm, &seqrel); - if (pg_class_aclcheck(elm->relid, GetUserId(), ACL_UPDATE) != ACLCHECK_OK) + if (pg_class_aclcheck(elm->relid, GetUserId(), ACL_USAGE) != ACLCHECK_OK && + pg_class_aclcheck(elm->relid, GetUserId(), ACL_UPDATE) != ACLCHECK_OK) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied for sequence %s", @@ -613,7 +614,8 @@ currval_oid(PG_FUNCTION_ARGS) /* open and AccessShareLock sequence */ init_sequence(relid, &elm, &seqrel); - if (pg_class_aclcheck(elm->relid, GetUserId(), ACL_SELECT) != ACLCHECK_OK) + if (pg_class_aclcheck(elm->relid, GetUserId(), ACL_SELECT) != ACLCHECK_OK && + pg_class_aclcheck(elm->relid, GetUserId(), ACL_USAGE) != ACLCHECK_OK) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied for sequence %s", @@ -657,7 +659,8 @@ lastval(PG_FUNCTION_ARGS) /* nextval() must have already been called for this sequence */ Assert(last_used_seq->increment != 0); - if (pg_class_aclcheck(last_used_seq->relid, GetUserId(), ACL_SELECT) != ACLCHECK_OK) + if (pg_class_aclcheck(last_used_seq->relid, GetUserId(), ACL_SELECT) != ACLCHECK_OK && + pg_class_aclcheck(last_used_seq->relid, GetUserId(), ACL_USAGE) != ACLCHECK_OK) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("permission denied for sequence %s", |