diff options
| author | Michael Paquier <michael@paquier.xyz> | 2020-11-21 19:45:30 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2020-11-21 19:45:30 +0900 |
| commit | 878f3a19c6c8ff197e4a33f51d921a4abafcc494 (patch) | |
| tree | b895e7f7b5e4183e8837d5e13af823a78df6b78e /src/backend | |
| parent | a47834db0fb70256e676862f1d96374a9e114d82 (diff) | |
| download | postgresql-878f3a19c6c8ff197e4a33f51d921a4abafcc494.tar.gz postgresql-878f3a19c6c8ff197e4a33f51d921a4abafcc494.zip | |
Remove INSERT privilege check at table creation of CTAS and matview
As per discussion with Peter Eisentraunt, the SQL standard specifies
that any tuple insertion done as part of CREATE TABLE AS happens without
any extra ACL check, so it makes little sense to keep a check for INSERT
privileges when using WITH DATA. Materialized views are not part of the
standard, but similarly, this check can be confusing as this refers to
an access check on a table created within the same command as the one
that would insert data into this table.
This commit removes the INSERT privilege check for WITH DATA, the
default, that 846005e removed partially, but only for WITH NO DATA.
Author: Bharath Rupireddy
Discussion: https://postgr.es/m/d049c272-9a47-d783-46b0-46665b011598@enterprisedb.com
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/commands/createas.c | 26 |
1 files changed, 0 insertions, 26 deletions
diff --git a/src/backend/commands/createas.c b/src/backend/commands/createas.c index 37649eafa88..6bf6c5a3106 100644 --- a/src/backend/commands/createas.c +++ b/src/backend/commands/createas.c @@ -432,7 +432,6 @@ intorel_startup(DestReceiver *self, int operation, TupleDesc typeinfo) DR_intorel *myState = (DR_intorel *) self; IntoClause *into = myState->into; bool is_matview; - char relkind; List *attrList; ObjectAddress intoRelationAddr; Relation intoRelationDesc; @@ -443,7 +442,6 @@ intorel_startup(DestReceiver *self, int operation, TupleDesc typeinfo) /* This code supports both CREATE TABLE AS and CREATE MATERIALIZED VIEW */ is_matview = (into->viewQuery != NULL); - relkind = is_matview ? RELKIND_MATVIEW : RELKIND_RELATION; /* * Build column definitions using "pre-cooked" type and collation info. If @@ -506,30 +504,6 @@ intorel_startup(DestReceiver *self, int operation, TupleDesc typeinfo) intoRelationDesc = table_open(intoRelationAddr.objectId, AccessExclusiveLock); /* - * Check INSERT permission on the constructed table. Skip this check if - * WITH NO DATA is specified as only a table gets created with no tuples - * inserted, that is a case possible when using EXPLAIN ANALYZE or - * EXECUTE. - */ - if (!into->skipData) - { - RangeTblEntry *rte; - - rte = makeNode(RangeTblEntry); - rte->rtekind = RTE_RELATION; - rte->relid = intoRelationAddr.objectId; - rte->relkind = relkind; - rte->rellockmode = RowExclusiveLock; - rte->requiredPerms = ACL_INSERT; - - for (attnum = 1; attnum <= intoRelationDesc->rd_att->natts; attnum++) - rte->insertedCols = bms_add_member(rte->insertedCols, - attnum - FirstLowInvalidHeapAttributeNumber); - - ExecCheckRTPerms(list_make1(rte), true); - } - - /* * Make sure the constructed table does not have RLS enabled. * * check_enable_rls() will ereport(ERROR) itself if the user has requested |