From 7967d10c5b49ccb82f67a0b80678a1a932bccdee Mon Sep 17 00:00:00 2001
From: Nathan Bossart
Date: Mon, 1 Jul 2024 11:47:40 -0500
Subject: Remove redundant privilege check from pg_sequences system view.

This commit adjusts pg_sequence_last_value() to return NULL instead of ERROR-ing for sequences for which the current user lacks privileges. This allows us to remove the call to has_sequence_privilege() in the definition of the pg_sequences system view.

Bumps catversion.

Suggested-by: Michael Paquier
Reviewed-by: Michael Paquier, Tom Lane
Discussion: https://postgr.es/m/20240501005730.GA594666%40nathanxps13
---
 src/backend/commands/sequence.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

(limited to 'src/backend/commands/sequence.c')

diff --git a/src/backend/commands/sequence.c b/src/backend/commands/sequence.c
index b4ad19c0539..9f28d40466b 100644
--- a/src/backend/commands/sequence.c
+++ b/src/backend/commands/sequence.c
@@ -1790,21 +1790,17 @@ pg_sequence_last_value(PG_FUNCTION_ARGS)
 /* open and lock sequence */
 init_sequence(relid, &elm, &seqrel);
 
- if (pg_class_aclcheck(relid, GetUserId(), ACL_SELECT | ACL_USAGE) != ACLCHECK_OK)
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("permission denied for sequence %s",
- RelationGetRelationName(seqrel))));
-
 /*
 * We return NULL for other sessions' temporary sequences. The
 * pg_sequences system view already filters those out, but this offers a
 * defense against ERRORs in case someone invokes this function directly.
 *
 * Also, for the benefit of the pg_sequences view, we return NULL for
- * unlogged sequences on standbys instead of throwing an error.
+ * unlogged sequences on standbys and for sequences for which the current
+ * user lacks privileges instead of throwing an error.
 */
- if (!RELATION_IS_OTHER_TEMP(seqrel) &&
+ if (pg_class_aclcheck(relid, GetUserId(), ACL_SELECT | ACL_USAGE) == ACLCHECK_OK &&
+ !RELATION_IS_OTHER_TEMP(seqrel) &&
 (RelationIsPermanent(seqrel) || !RecoveryInProgress()))
 {
 Buffer buf;
-- 
cgit v1.2.3
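Review bot: The comment above the combined `if` says the privilege case exists "for the benefit of the pg_sequences view", but it does not record that, per the commit message, the view no longer calls has_sequence_privilege() itself, so this `pg_class_aclcheck(...) == ACLCHECK_OK` term is now the only privilege gate on last_value there. I would add a line to that comment such as `* The view no longer checks privileges itself, so this ACL test must stay.` so a later reshuffle of the condition does not silently drop it. Direct callers also now receive NULL where they previously got a permission-denied ERROR, which means NULL can stand for "no privilege" as well as the temp/unlogged cases already listed; the function's header comment and the user-facing description (both outside this hunk, so not visible here) should say so. The function body starts before the hunk and continues past its last line.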