I have large database and with this DB work more users and I very need

more restriction for fretful users. The current PG allow define only
NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need
NO-CREATE-TABLE and NO-LOCK-TABLE.

This patch add to current code NOCREATETABLE and NOLOCKTABLE feature:

CREATE USER username
    [ WITH
     [ SYSID uid ]
     [ PASSWORD 'password' ] ]
    [ CREATEDB   | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
->  [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ]
    ...etc.

 If CREATETABLE or LOCKTABLE is not specific in CREATE USER command,
as default is set CREATETABLE or LOCKTABLE (true).

 A user with NOCREATETABLE restriction can't call CREATE TABLE or
SELECT INTO commands, only create temp table is allow for him.

                                                Karel

1 files changed, 35 insertions, 4 deletions

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 55dcd55adf1..512c5b4c2a3 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.58 2000/06/09 01:11:04 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.59 2000/06/09 15:50:43 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -250,6 +250,10 @@ CreateUser(CreateUserStmt *stmt)
 		return;
 	}
 
+    AssertState(BoolIsValid(stmt->createtable));
+    new_record[Anum_pg_shadow_usecreatetable-1] = (Datum)(stmt->createtable);
+    AssertState(BoolIsValid(stmt->locktable));
+    new_record[Anum_pg_shadow_uselocktable-1] = (Datum)(stmt->locktable);
 	/*
 	 * Build a tuple to insert
 	 */
@@ -263,6 +267,8 @@ CreateUser(CreateUserStmt *stmt)
 	AssertState(BoolIsValid(stmt->createuser));
 	new_record[Anum_pg_shadow_usesuper - 1] = (Datum) (stmt->createuser);
 	/* superuser gets catupd right by default */
+    new_record_nulls[Anum_pg_shadow_usecreatetable-1] = ' ';
+    new_record_nulls[Anum_pg_shadow_uselocktable-1] = ' ';
 	new_record[Anum_pg_shadow_usecatupd - 1] = (Datum) (stmt->createuser);
 
 	if (stmt->password)
@@ -352,7 +358,8 @@ AlterUser(AlterUserStmt *stmt)
 
 	/* must be superuser or just want to change your own password */
 	if (!superuser() &&
-	  !(stmt->createdb == 0 && stmt->createuser == 0 && !stmt->validUntil
+        !(stmt->createdb==0 && stmt->createuser==0 && stmt->createtable==0 
+          && stmt->locktable==0 && !stmt->validUntil
 		&& stmt->password && strcmp(GetPgUserName(), stmt->user) == 0))
 		elog(ERROR, "ALTER USER: permission denied");
 
@@ -380,8 +387,32 @@ AlterUser(AlterUserStmt *stmt)
 	/*
 	 * Build a tuple to update, perusing the information just obtained
 	 */
-	new_record[Anum_pg_shadow_usename - 1] = PointerGetDatum(namein(stmt->user));
-	new_record_nulls[Anum_pg_shadow_usename - 1] = ' ';
+
+    /* createtable */
+    if (stmt->createtable == 0)
+    {
+        /* don't change */
+        new_record[Anum_pg_shadow_usecreatetable-1] = heap_getattr(tuple, Anum_pg_shadow_usecreatetable, pg_shadow_dsc, &null);
+        new_record_nulls[Anum_pg_shadow_usecreatetable-1] = null ? 'n' : ' ';
+    }
+    else
+    {
+        new_record[Anum_pg_shadow_usecreatetable-1] = (Datum)(stmt->createtable > 0 ? true : false);
+        new_record_nulls[Anum_pg_shadow_usecreatetable-1] = ' ';
+    }
+
+    /* locktable */
+    if (stmt->locktable == 0)
+    {
+        /* don't change */
+        new_record[Anum_pg_shadow_uselocktable-1] = heap_getattr(tuple, Anum_pg_shadow_uselocktable, pg_shadow_dsc, &null);
+        new_record_nulls[Anum_pg_shadow_uselocktable-1] = null ? 'n' : ' ';
+    }
+    else
+    {
+        new_record[Anum_pg_shadow_uselocktable-1] = (Datum)(stmt->locktable > 0 ? true : false);
+        new_record_nulls[Anum_pg_shadow_uselocktable-1] = ' ';
+	}
 
 	/* sysid - leave as is */
 	new_record[Anum_pg_shadow_usesysid - 1] = heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null);