I have large database and with this DB work more users and I very need

more restriction for fretful users. The current PG allow define only NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need NO-CREATE-TABLE and NO-LOCK-TABLE. This patch add to current code NOCREATETABLE and NOLOCKTABLE feature: CREATE USER username [ WITH [ SYSID uid ] [ PASSWORD 'password' ] ] [ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ] -> [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ] ...etc. If CREATETABLE or LOCKTABLE is not specific in CREATE USER command, as default is set CREATETABLE or LOCKTABLE (true). A user with NOCREATETABLE restriction can't call CREATE TABLE or SELECT INTO commands, only create temp table is allow for him. Karel

I have large database and with this DB work more users and I very need
more restriction for fretful users. The current PG allow define only NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need NO-CREATE-TABLE and NO-LOCK-TABLE. This patch add to current code NOCREATETABLE and NOLOCKTABLE feature: CREATE USER username [ WITH [ SYSID uid ] [ PASSWORD 'password' ] ] [ CREATEDB | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ] -> [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ] ...etc. If CREATETABLE or LOCKTABLE is not specific in CREATE USER command, as default is set CREATETABLE or LOCKTABLE (true). A user with NOCREATETABLE restriction can't call CREATE TABLE or SELECT INTO commands, only create temp table is allow for him. Karel
85add42a · Bruce Momjian · a672e965 · 85add42a · 85add42a · 85add42a
Commit 85add42a authored Jun 09, 2000 by Bruce Momjian
13 changed files
--- a/src/backend/commands/command.c
+++ b/src/backend/commands/command.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.77 2000/06/04 22:04:32 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.78 2000/06/09 15:50:43 momjian Exp $
 *
 * NOTES
 *	  The PortalExecutorHeapMemory crap needs to be eliminated
@@ -30,6 +30,7 @@
 #include "commands/command.h"
 #include "executor/spi.h"
 #include "catalog/heap.h"
+#include "catalog/pg_shadow.h"
 #include "miscadmin.h"
 #include "optimizer/prep.h"
 #include "utils/acl.h"
@@ -1211,6 +1212,21 @@ LockTableCommand(LockStmt *lockstmt)
 {
 	Relation	rel;
 	int			aclresult;
+	HeapTuple	tup;
+	/* ----------
+	 * Check pg_shadow for global lock setting 
+	 * ----------
+	 */
+	tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
+	if (!HeapTupleIsValid(tup))
+ 		elog(ERROR, "LOCK TABLE: look at pg_shadow failed"); 
+ 	if (!((Form_pg_shadow) GETSTRUCT(tup))->uselocktable)
+ 		elog(ERROR, "LOCK TABLE: permission denied");	
 	rel = heap_openr(lockstmt->relname, NoLock);
 	if (!RelationIsValid(rel))

--- a/src/backend/commands/creatinh.c
+++ b/src/backend/commands/creatinh.c
@@ -9,9 +9,9 @@
 *
 * IDENTIFICATION
 <<<<<<< creatinh.c
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.59 2000/06/09 01:44:03 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.60 2000/06/09 15:50:43 momjian Exp $
 =======
- *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.59 2000/06/09 01:44:03 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/commands/Attic/creatinh.c,v 1.60 2000/06/09 15:50:43 momjian Exp $
 >>>>>>> 1.58
 *
 *-------------------------------------------------------------------------
@@ -26,8 +26,10 @@
 #include "catalog/pg_inherits.h"
 #include "catalog/pg_ipl.h"
 #include "catalog/pg_type.h"
+#include "catalog/pg_shadow.h"
 #include "commands/creatinh.h"
 #include "utils/syscache.h"
+#include "miscadmin.h"
 /* ----------------
 *		local stuff
@@ -63,6 +65,22 @@ DefineRelation(CreateStmt *stmt, char relkind)
 	int			i;
 	AttrNumber	attnum;
+	if (!stmt->istemp) {
+		HeapTuple       tup;
+		/* ----------
+		 * Check pg_shadow for global createTable setting 
+		 * ----------
+		 */
+		tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
+		if (!HeapTupleIsValid(tup))
+	 		elog(ERROR, "CREATE TABLE: look at pg_shadow failed"); 
+	 	if (!((Form_pg_shadow) GETSTRUCT(tup))->usecreatetable)
+	 		elog(ERROR, "CREATE TABLE: permission denied");	
+	}
 	if (strlen(stmt->relname) >= NAMEDATALEN)
 		elog(ERROR, "the relation name %s is >= %d characters long",
 			 stmt->relname, NAMEDATALEN);

--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.58 2000/06/09 01:11:04 tgl Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.59 2000/06/09 15:50:43 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -250,6 +250,10 @@ CreateUser(CreateUserStmt *stmt)
 		return;
 	}
+    AssertState(BoolIsValid(stmt->createtable));
+    new_record[Anum_pg_shadow_usecreatetable-1] = (Datum)(stmt->createtable);
+    AssertState(BoolIsValid(stmt->locktable));
+    new_record[Anum_pg_shadow_uselocktable-1] = (Datum)(stmt->locktable);
 	/*
 	 * Build a tuple to insert
 	 */
@@ -263,6 +267,8 @@ CreateUser(CreateUserStmt *stmt)
 	AssertState(BoolIsValid(stmt->createuser));
 	new_record[Anum_pg_shadow_usesuper - 1] = (Datum) (stmt->createuser);
 	/* superuser gets catupd right by default */
+    new_record_nulls[Anum_pg_shadow_usecreatetable-1] = ' ';
+    new_record_nulls[Anum_pg_shadow_uselocktable-1] = ' ';
 	new_record[Anum_pg_shadow_usecatupd - 1] = (Datum) (stmt->createuser);
 	if (stmt->password)
@@ -352,7 +358,8 @@ AlterUser(AlterUserStmt *stmt)
 	/* must be superuser or just want to change your own password */
 	if (!superuser() &&
-	  !(stmt->createdb == 0 && stmt->createuser == 0 && !stmt->validUntil
+        !(stmt->createdb==0 && stmt->createuser==0 && stmt->createtable==0 
+          && stmt->locktable==0 && !stmt->validUntil
 		&& stmt->password && strcmp(GetPgUserName(), stmt->user) == 0))
 		elog(ERROR, "ALTER USER: permission denied");
@@ -380,8 +387,32 @@ AlterUser(AlterUserStmt *stmt)
 	/*
 	 * Build a tuple to update, perusing the information just obtained
 	 */
-	new_record[Anum_pg_shadow_usename - 1] = PointerGetDatum(namein(stmt->user));
-	new_record_nulls[Anum_pg_shadow_usename - 1] = ' ';
+    /* createtable */
+    if (stmt->createtable == 0)
+    {
+        /* don't change */
+        new_record[Anum_pg_shadow_usecreatetable-1] = heap_getattr(tuple, Anum_pg_shadow_usecreatetable, pg_shadow_dsc, &null);
+        new_record_nulls[Anum_pg_shadow_usecreatetable-1] = null ? 'n' : ' ';
+    }
+    else
+    {
+        new_record[Anum_pg_shadow_usecreatetable-1] = (Datum)(stmt->createtable > 0 ? true : false);
+        new_record_nulls[Anum_pg_shadow_usecreatetable-1] = ' ';
+    }
+    /* locktable */
+    if (stmt->locktable == 0)
+    {
+        /* don't change */
+        new_record[Anum_pg_shadow_uselocktable-1] = heap_getattr(tuple, Anum_pg_shadow_uselocktable, pg_shadow_dsc, &null);
+        new_record_nulls[Anum_pg_shadow_uselocktable-1] = null ? 'n' : ' ';
+    }
+    else
+    {
+        new_record[Anum_pg_shadow_uselocktable-1] = (Datum)(stmt->locktable > 0 ? true : false);
+        new_record_nulls[Anum_pg_shadow_uselocktable-1] = ' ';
+	}
 	/* sysid - leave as is */
 	new_record[Anum_pg_shadow_usesysid - 1] = heap_getattr(tuple, Anum_pg_shadow_usesysid, pg_shadow_dsc, &null);

--- a/src/backend/parser/gram.y
+++ b/src/backend/parser/gram.y
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.170 2000/06/09 01:44:18 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/gram.y,v 2.171 2000/06/09 15:50:44 momjian Exp $
 *
 * HISTORY
 *	  AUTHOR			DATE			MAJOR EVENT
@@ -145,7 +145,8 @@ static void doNegateFloat(Value *v);
 %type <ival>	opt_lock, lock_type
 %type <boolean>	opt_lmode, opt_force
-%type <ival>    user_createdb_clause, user_createuser_clause
+%type <ival>    user_createdb_clause, user_createuser_clause, user_createtable_clause,
+		user_locktable_clause
 %type <str>		user_passwd_clause
 %type <ival>            sysid_clause
 %type <str>		user_valid_clause
@@ -339,14 +340,14 @@ static void doNegateFloat(Value *v);
 */
 %token	ABORT_TRANS, ACCESS, AFTER, AGGREGATE, ANALYZE,
 		BACKWARD, BEFORE, BINARY, BIT,
-		CACHE, CLUSTER, COMMENT, COPY, CREATEDB, CREATEUSER, CYCLE,
+		CACHE, CLUSTER, COMMENT, COPY, CREATEDB, CREATETABLE, CREATEUSER, CYCLE,
 		DATABASE, DELIMITERS, DO,
 		EACH, ENCODING, EXCLUSIVE, EXPLAIN, EXTEND,
 		FORCE, FORWARD, FUNCTION, HANDLER,
 		INCREMENT, INDEX, INHERITS, INSTEAD, ISNULL,
-		LANCOMPILER, LIMIT, LISTEN, LOAD, LOCATION, LOCK_P,
+		LANCOMPILER, LIMIT, LISTEN, LOAD, LOCATION, LOCK_P, LOCKTABLE,
 		MAXVALUE, MINVALUE, MODE, MOVE,
-		NEW, NOCREATEDB, NOCREATEUSER, NONE, NOTHING, NOTIFY, NOTNULL,
+		NEW, NOCREATEDB, NOCREATETABLE, NOCREATEUSER, NOLOCKTABLE, NONE, NOTHING, NOTIFY, NOTNULL,
 		OFFSET, OIDS, OPERATOR, PASSWORD, PROCEDURAL,
 		REINDEX, RENAME, RESET, RETURNS, ROW, RULE,
 		SEQUENCE, SERIAL, SETOF, SHARE, SHOW, START, STATEMENT, STDIN, STDOUT, SYSID,
@@ -473,32 +474,37 @@ stmt :	AlterTableStmt
 *
 *****************************************************************************/
-CreateUserStmt:  CREATE USER UserId
+CreateUserStmt:  CREATE USER UserId user_createdb_clause user_createuser_clause 
-                 user_createdb_clause user_createuser_clause user_group_clause
+                 user_createtable_clause user_locktable_clause user_group_clause
                 user_valid_clause
 				{
 					CreateUserStmt *n = makeNode(CreateUserStmt);
 					n->user = $3;
-                    n->sysid = -1;
+					n->sysid = -1;
 					n->password = NULL;
 					n->createdb = $4 == +1 ? true : false;
 					n->createuser = $5 == +1 ? true : false;
-					n->groupElts = $6;
+					n->createtable = $6 == +1 ? true : false;
-					n->validUntil = $7;
+					n->locktable = $7 == +1 ? true : false;
+					n->groupElts = $8;
+					n->validUntil = $9;
 					$$ = (Node *)n;
 				}
                | CREATE USER UserId WITH sysid_clause user_passwd_clause
-                user_createdb_clause user_createuser_clause user_group_clause
+                user_createdb_clause user_createuser_clause 
+                user_createtable_clause user_locktable_clause user_group_clause
                user_valid_clause
               {
 					CreateUserStmt *n = makeNode(CreateUserStmt);
 					n->user = $3;
-                    n->sysid = $5;
+   					n->sysid = $5;
 					n->password = $6;
 					n->createdb = $7 == +1 ? true : false;
 					n->createuser = $8 == +1 ? true : false;
-					n->groupElts = $9;
+					n->createtable = $9 == +1 ? true : false;
-					n->validUntil = $10;
+					n->locktable = $10 == +1 ? true : false;					
+					n->groupElts = $11;
+					n->validUntil = $12;
 					$$ = (Node *)n;
               }                   
 		;
@@ -510,27 +516,32 @@ CreateUserStmt:  CREATE USER UserId
 *
 *****************************************************************************/
-AlterUserStmt:  ALTER USER UserId user_createdb_clause
+AlterUserStmt:  ALTER USER UserId user_createdb_clause user_createuser_clause 
-				user_createuser_clause user_valid_clause
+		user_createtable_clause user_locktable_clause user_valid_clause
 				{
 					AlterUserStmt *n = makeNode(AlterUserStmt);
 					n->user = $3;
 					n->password = NULL;
 					n->createdb = $4;
 					n->createuser = $5;
-					n->validUntil = $6;
+					n->createtable = $6;
+					n->locktable = $7;
+					n->validUntil = $8;
 					$$ = (Node *)n;
 				}
 			| ALTER USER UserId WITH PASSWORD Sconst
-			  user_createdb_clause
+			  user_createdb_clause user_createuser_clause 
-			  user_createuser_clause user_valid_clause
+			  user_createtable_clause user_locktable_clause
+			  user_valid_clause
 				{
 					AlterUserStmt *n = makeNode(AlterUserStmt);
 					n->user = $3;
 					n->password = $6;
 					n->createdb = $7;
 					n->createuser = $8;
-					n->validUntil = $9;
+					n->createtable = $9;
+					n->locktable = $10;
+					n->validUntil = $11;
 					$$ = (Node *)n;
 				}
 		;
@@ -573,6 +584,22 @@ user_createuser_clause:  CREATEUSER				{ $$ = +1; }
 			| /*EMPTY*/							{ $$ = 0; }
 		;
+user_createtable_clause:  CREATETABLE				{ $$ = +1; }
+			| NOCREATETABLE				{ $$ = -1; }
+			| /*EMPTY*/		{ 
+						/* EMPTY is default = CREATETABLE */
+							$$ = +1; 
+						}				
+		;
+user_locktable_clause:  LOCKTABLE				{ $$ = +1; }
+			| NOLOCKTABLE				{ $$ = -1; }
+			| /*EMPTY*/		{ 
+						/* EMPTY is default = LOCKTABLE */
+							$$ = +1; 
+						}
+		;
 user_list:  user_list ',' UserId
 				{
 					$$ = lcons((void*)makeString($3), $1);

--- a/src/backend/parser/keywords.c
+++ b/src/backend/parser/keywords.c
@@ -9,9 +9,9 @@
 *
 * IDENTIFICATION
 <<<<<<< keywords.c
- *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.74 2000/06/09 01:44:18 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.75 2000/06/09 15:50:45 momjian Exp $
 =======
- *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.74 2000/06/09 01:44:18 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/parser/keywords.c,v 1.75 2000/06/09 15:50:45 momjian Exp $
 >>>>>>> 1.73
 *
 *-------------------------------------------------------------------------
@@ -75,6 +75,7 @@ static ScanKeyword ScanKeywords[] = {
 	{"copy", COPY},
 	{"create", CREATE},
 	{"createdb", CREATEDB},
+	{"createtable", CREATETABLE},
 	{"createuser", CREATEUSER},
 	{"cross", CROSS},
 	{"current_date", CURRENT_DATE},
@@ -155,6 +156,7 @@ static ScanKeyword ScanKeywords[] = {
 	{"local", LOCAL},
 	{"location", LOCATION},
 	{"lock", LOCK_P},
+	{"locktable", LOCKTABLE},
 	{"match", MATCH},
 	{"maxvalue", MAXVALUE},
 	{"minute", MINUTE_P},
@@ -170,7 +172,9 @@ static ScanKeyword ScanKeywords[] = {
 	{"next", NEXT},
 	{"no", NO},
 	{"nocreatedb", NOCREATEDB},
+	{"nocreatetable", NOCREATETABLE},
 	{"nocreateuser", NOCREATEUSER},
+	{"nolocktable", NOLOCKTABLE},
 	{"none", NONE},
 	{"not", NOT},
 	{"nothing", NOTHING},

--- a/src/backend/tcop/pquery.c
+++ b/src/backend/tcop/pquery.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.32 2000/06/04 22:08:53 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/tcop/pquery.c,v 1.33 2000/06/09 15:50:46 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -20,6 +20,9 @@
 #include "executor/executor.h"
 #include "tcop/pquery.h"
 #include "utils/ps_status.h"
+#include "catalog/pg_shadow.h"
+#include "miscadmin.h"
+#include "utils/syscache.h"
 static char *CreateOperationTag(int operationType);
 static void ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset,
@@ -250,6 +253,23 @@ ProcessQueryDesc(QueryDesc *queryDesc, Node *limoffset, Node *limcount)
 		else if (parseTree->into != NULL)
 		{
 			/* select into table */
+			if (!parseTree->isTemp) {
+				HeapTuple       tup;
+				/* ----------
+				 * Check pg_shadow for global createTable setting 
+				 * ----------
+				 */
+				tup = SearchSysCacheTuple(SHADOWNAME, PointerGetDatum(GetPgUserName()), 0, 0, 0);
+				if (!HeapTupleIsValid(tup))
+	 				elog(ERROR, "ProcessQueryDesc: look at pg_shadow failed"); 
+	 			if (!((Form_pg_shadow) GETSTRUCT(tup))->usecreatetable)
+	 				elog(ERROR, "SELECT INTO TABLE: permission denied");	
+			}
 			isRetrieveIntoRelation = true;
 		}

--- a/src/bin/initdb/initdb.sh
+++ b/src/bin/initdb/initdb.sh
@@ -26,7 +26,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.93 2000/06/04 01:44:35 petere Exp $
+#    $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.94 2000/06/09 15:50:49 momjian Exp $
 #
 #-------------------------------------------------------------------------
@@ -523,6 +523,8 @@ echo "CREATE VIEW pg_user AS \
            usename, \
            usesysid, \
            usecreatedb, \
+            usecreatetable, \            
+            uselocktable, \
            usetrace, \
            usesuper, \
            usecatupd, \

--- a/src/bin/scripts/createuser
+++ b/src/bin/scripts/createuser
@@ -8,7 +8,7 @@
 #
 #
 # IDENTIFICATION
-#    $Header: /cvsroot/pgsql/src/bin/scripts/Attic/createuser,v 1.9 2000/03/25 14:36:58 momjian Exp $
+#    $Header: /cvsroot/pgsql/src/bin/scripts/Attic/createuser,v 1.10 2000/06/09 15:50:53 momjian Exp $
 #
 # Note - this should NOT be setuid.
 #
@@ -21,6 +21,8 @@ NewUser=
 SysID=
 CanAddUser=
 CanCreateDb=
+CanCreateTab=
+CanLockTab=
 PwPrompt=
 Password=
 PSQLOPT=
@@ -90,6 +92,18 @@ do
        --no-createdb|-D)
 		CanCreateDb=f
 		;;
+        --createtable|-t)
+		CanCreateTab=t
+		;;
+        --no-createtable|-T)
+		CanCreateTab=f
+		;;	
+        --locktable|-l)
+		CanLockTab=t
+		;;
+        --no-locktable|-L)
+		CanLockTab=f
+		;;			
        --adduser|-a)
 		CanAddUser=t
 		;;
@@ -129,6 +143,10 @@ if [ "$usage" ]; then
 	echo "Options:"
 	echo "  -d, --createdb                  User can create new databases"
 	echo "  -D, --no-createdb               User cannot create databases"
+	echo "  -t, --createtable               User can create new tables"
+	echo "  -T, --no-createtable            User cannot create tables"	
+	echo "  -l, --locktable                 User can lock tables"
+	echo "  -L, --no-locktable              User cannot lock tables"	
 	echo "  -a, --adduser                   User can add new users"
 	echo "  -A, --no-adduser                User cannot add new users"
 	echo "  -i, --sysid=SYSID               Select sysid for new user"     
@@ -204,6 +222,27 @@ if [ -z "$CanAddUser" ]; then
 	fi
 fi
+if [ -z "$CanCreateTab" ]; then
+	$ECHO_N "Shall the new user be allowed to create tables? (y/n) "$ECHO_C
+	read REPLY
+	[ $? -ne 0 ] && exit 1
+	if [ $REPLY = "y" -o $REPLY = "Y" ]; then
+		CanCreateTab=t
+	else
+		CanCreateTab=f
+	fi
+fi
+if [ -z "$CanLockTab" ]; then
+	$ECHO_N "Shall the new user be allowed to lock tables? (y/n) "$ECHO_C
+	read REPLY
+	[ $? -ne 0 ] && exit 1
+	if [ $REPLY = "y" -o $REPLY = "Y" ]; then
+		CanLockTab=t
+	else
+		CanLockTab=f
+	fi
+fi
 #
 # build SQL command
@@ -222,6 +261,11 @@ SUBQUERY=
 [ "$CanCreateDb" = f ] && QUERY="$QUERY NOCREATEDB"
 [ "$CanAddUser" = t ] &&  QUERY="$QUERY CREATEUSER"
 [ "$CanAddUser" = f ] &&  QUERY="$QUERY NOCREATEUSER"
+[ "$CanCreateTab" = t ] && QUERY="$QUERY CREATETABLE"
+[ "$CanCreateTab" = f ] && QUERY="$QUERY NOCREATETABLE"
+[ "$CanLockTab" = t ] && QUERY="$QUERY LOCKTABLE"
+[ "$CanLockTab" = f ] && QUERY="$QUERY NOLOCKTABLE"
 ${PATHNAME}psql -c "$QUERY" -d template1 $PSQLOPT
 if [ $? -ne 0 ]; then

--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -37,7 +37,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Id: catversion.h,v 1.27 2000/06/09 01:11:10 tgl Exp $
+ * $Id: catversion.h,v 1.28 2000/06/09 15:50:59 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -53,6 +53,6 @@
 */
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	200006081
+#define CATALOG_VERSION_NO	200006092
 #endif
--- a/src/include/catalog/pg_attribute.h
+++ b/src/include/catalog/pg_attribute.h
@@ -8,7 +8,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Id: pg_attribute.h,v 1.57 2000/06/09 01:44:22 momjian Exp $
+ * $Id: pg_attribute.h,v 1.58 2000/06/09 15:51:00 momjian Exp $
 *
 * NOTES
 *	  the genbki.sh script reads this file and generates .bki
@@ -336,12 +336,14 @@ DATA(insert OID = 0 ( 1255 cmax				29 0  4  -6 0 -1 -1 t p f i f f));
 */
 DATA(insert OID = 0 ( 1260 usename			19	0 NAMEDATALEN	1 0 -1 -1 f p f i f f));
 DATA(insert OID = 0 ( 1260 usesysid			23	0	4	2 0 -1 -1 t p f i f f));
-DATA(insert OID = 0 ( 1260 usecreatedb		16	0	1	3 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 usecreatedb			16	0	1	3 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 usetrace			16	0	1	4 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 usecreatetable		16	0	1	4 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 usesuper			16	0	1	5 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 uselocktable			16	0	1	5 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 usecatupd		16	0	1	6 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 usetrace			16	0	1	6 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 passwd			25	0  -1	7 0 -1 -1 f p f i f f));
+DATA(insert OID = 0 ( 1260 usesuper			16	0	1	7 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 valuntil			702 0	4	8 0 -1 -1 t p f i f f));
+DATA(insert OID = 0 ( 1260 usecatupd			16	0	1	8 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 passwd			25	0  	-1	9 0 -1 -1 f p f i f f));
+DATA(insert OID = 0 ( 1260 valuntil			702 	0	4	10 0 -1 -1 t p f i f f));
 DATA(insert OID = 0 ( 1260 ctid				27 0  6  -1 0 -1 -1 f p f i f f));
 DATA(insert OID = 0 ( 1260 oid				26 0  4  -2 0 -1 -1 t p f i f f));
 DATA(insert OID = 0 ( 1260 xmin				28 0  4  -3 0 -1 -1 t p f i f f));

--- a/src/include/catalog/pg_class.h
+++ b/src/include/catalog/pg_class.h
@@ -8,7 +8,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Id: pg_class.h,v 1.35 2000/06/09 01:44:23 momjian Exp $
+ * $Id: pg_class.h,v 1.36 2000/06/09 15:51:00 momjian Exp $
 *
 * NOTES
 *	  ``pg_relation'' is being replaced by ``pg_class''.  currently
@@ -139,7 +139,7 @@ DATA(insert OID = 1255 (  pg_proc 81		  PGUID 0 0 0 0 f f r 17 0 0 0 0 0 f f f _
 DESCR("");
 DATA(insert OID = 1259 (  pg_class 83		  PGUID 0 0 0 0 f f r 20 0 0 0 0 0 f f f _null_ ));
 DESCR("");
-DATA(insert OID = 1260 (  pg_shadow 86		  PGUID 0 0 0 0 f t r 8  0 0 0 0 0 f f f _null_ ));
+DATA(insert OID = 1260 (  pg_shadow 86		  PGUID 0 0 0 0 f t r 10  0 0 0 0 0 f f f _null_ ));
 DESCR("");
 DATA(insert OID = 1261 (  pg_group 87		  PGUID 0 0 0 0 f t r 3  0 0 0 0 0 f f f _null_ ));
 DESCR("");

--- a/src/include/catalog/pg_shadow.h
+++ b/src/include/catalog/pg_shadow.h
@@ -9,7 +9,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Id: pg_shadow.h,v 1.7 2000/01/26 05:57:58 momjian Exp $
+ * $Id: pg_shadow.h,v 1.8 2000/06/09 15:51:00 momjian Exp $
 *
 * NOTES
 *	  the genbki.sh script reads this file and generates .bki
@@ -38,6 +38,8 @@ CATALOG(pg_shadow) BOOTSTRAP
 	NameData	usename;
 	int4		usesysid;
 	bool		usecreatedb;
+	bool		usecreatetable;
+	bool		uselocktable;
 	bool		usetrace;
 	bool		usesuper;
 	bool		usecatupd;
@@ -56,15 +58,17 @@ typedef FormData_pg_shadow *Form_pg_shadow;
 *		compiler constants for pg_shadow
 * ----------------
 */
-#define Natts_pg_shadow				8
+#define Natts_pg_shadow				10
 #define Anum_pg_shadow_usename			1
 #define Anum_pg_shadow_usesysid			2
 #define Anum_pg_shadow_usecreatedb		3
-#define Anum_pg_shadow_usetrace			4
+#define Anum_pg_shadow_usecreatetable		4
-#define Anum_pg_shadow_usesuper			5
+#define Anum_pg_shadow_uselocktable		5
-#define Anum_pg_shadow_usecatupd		6
+#define Anum_pg_shadow_usetrace			6
-#define Anum_pg_shadow_passwd			7
+#define Anum_pg_shadow_usesuper			7
-#define Anum_pg_shadow_valuntil			8
+#define Anum_pg_shadow_usecatupd		8
+#define Anum_pg_shadow_passwd			9
+#define Anum_pg_shadow_valuntil			10
 /* ----------------
 *		initial contents of pg_shadow
@@ -73,6 +77,6 @@ typedef FormData_pg_shadow *Form_pg_shadow;
 * user choices.
 * ----------------
 */
-DATA(insert OID = 0 ( POSTGRES PGUID t t t t _null_ _null_ ));
+DATA(insert OID = 0 ( POSTGRES PGUID t t t t t t _null_ _null_ ));
 #endif	 /* PG_SHADOW_H */
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $Id: parsenodes.h,v 1.106 2000/06/09 01:44:26 momjian Exp $
+ * $Id: parsenodes.h,v 1.107 2000/06/09 15:51:02 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -290,7 +290,7 @@ typedef struct DropPLangStmt
 /* ----------------------
- *				Create/Alter/Drop User Statements
+ *		Create/Alter/Drop User Statements
 * ----------------------
 */
 typedef struct CreateUserStmt
@@ -301,6 +301,8 @@ typedef struct CreateUserStmt
 	int			sysid;			/* PgSQL system id (-1 if don't care) */
 	bool		createdb;		/* Can the user create databases?	  */
 	bool		createuser;		/* Can this user create users?		  */
+	bool        createtable;	/* Can this user create tables?		  */
+	bool        locktable;		/* Can this user lock tables?		  */
 	List	   *groupElts;		/* The groups the user is a member of */
 	char	   *validUntil;		/* The time the login is valid until  */
 } CreateUserStmt;
@@ -312,6 +314,8 @@ typedef struct AlterUserStmt
 	char	   *password;		/* PostgreSQL user password			  */
 	int			createdb;		/* Can the user create databases?	  */
 	int			createuser;		/* Can this user create users?		  */
+	bool        createtable;	/* Can this user create tables?		  */
+	bool        locktable;		/* Can this user lock tables?		  */
 	char	   *validUntil;		/* The time the login is valid until  */
 } AlterUserStmt;