Commit fb7db40a authored by Tom Lane's avatar Tom Lane

Clean up duplicate role and schema names in regression tests.

Since these names are global, using the same ones in different regression
tests creates a hazard of test failures if any two such scripts run
concurrently.  Let's establish a policy of not doing that.  In the cases
where a conflict existed, I chose to rename both sides: in principle one
script or the other could've been left in possession of the common name,
but that seems to just invite more trouble of the same sort.

There are a number of places where scripts are using names that seem
unduly generic, but in the absence of actual conflicts I left them alone.

In addition, fix insert.sql's use of "someone_else" as a role name.
That's a flat out violation of longstanding project policy, so back-patch
that change to v10 where the usage appeared.  The rest of this is just
future-proofing, as no two of these scripts are actually run concurrently
in the existing parallel_schedule.

Conflicts of schema-qualified names also exist, but will be dealt with
separately.

Discussion: https://postgr.es/m/4627.1521070268@sss.pgh.pa.us
parent 3a4b8919
......@@ -3,13 +3,13 @@
--
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
DROP ROLE IF EXISTS regress_alter_user1;
DROP ROLE IF EXISTS regress_alter_user2;
DROP ROLE IF EXISTS regress_alter_user3;
DROP ROLE IF EXISTS regress_alter_generic_user1;
DROP ROLE IF EXISTS regress_alter_generic_user2;
DROP ROLE IF EXISTS regress_alter_generic_user3;
RESET client_min_messages;
CREATE USER regress_alter_user3;
CREATE USER regress_alter_user2;
CREATE USER regress_alter_user1 IN ROLE regress_alter_user3;
CREATE USER regress_alter_generic_user3;
CREATE USER regress_alter_generic_user2;
CREATE USER regress_alter_generic_user1 IN ROLE regress_alter_generic_user3;
CREATE SCHEMA alt_nsp1;
CREATE SCHEMA alt_nsp2;
GRANT ALL ON SCHEMA alt_nsp1, alt_nsp2 TO public;
......@@ -17,7 +17,7 @@ SET search_path = alt_nsp1, public;
--
-- Function and Aggregate
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 1';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
......@@ -30,26 +30,26 @@ CREATE AGGREGATE alt_agg2 (
);
ALTER AGGREGATE alt_func1(int) RENAME TO alt_func3; -- failed (not aggregate)
ERROR: function alt_func1(integer) is not an aggregate
ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_user3; -- failed (not aggregate)
ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_generic_user3; -- failed (not aggregate)
ERROR: function alt_func1(integer) is not an aggregate
ALTER AGGREGATE alt_func1(int) SET SCHEMA alt_nsp2; -- failed (not aggregate)
ERROR: function alt_func1(integer) is not an aggregate
ALTER FUNCTION alt_func1(int) RENAME TO alt_func2; -- failed (name conflict)
ERROR: function alt_func2(integer) already exists in schema "alt_nsp1"
ALTER FUNCTION alt_func1(int) RENAME TO alt_func3; -- OK
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- OK
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp1; -- OK, already there
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- OK
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg2; -- failed (name conflict)
ERROR: function alt_agg2(integer) already exists in schema "alt_nsp1"
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg3; -- OK
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- OK
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 2';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
......@@ -63,10 +63,10 @@ CREATE AGGREGATE alt_agg2 (
ALTER FUNCTION alt_func3(int) RENAME TO alt_func4; -- failed (not owner)
ERROR: must be owner of function alt_func3
ALTER FUNCTION alt_func1(int) RENAME TO alt_func4; -- OK
ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_user2; -- failed (not owner)
ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of function alt_func3
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER FUNCTION alt_func3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of function alt_func3
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- failed (name conflicts)
......@@ -74,10 +74,10 @@ ERROR: function alt_func2(integer) already exists in schema "alt_nsp2"
ALTER AGGREGATE alt_agg3(int) RENAME TO alt_agg4; -- failed (not owner)
ERROR: must be owner of function alt_agg3
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg4; -- OK
ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_user2; -- failed (not owner)
ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of function alt_agg3
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER AGGREGATE alt_agg3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of function alt_agg3
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -88,16 +88,16 @@ SELECT n.nspname, proname, prorettype::regtype, prokind, a.rolname
WHERE p.pronamespace = n.oid AND p.proowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, proname;
nspname | proname | prorettype | prokind | rolname
----------+-----------+------------+---------+---------------------
alt_nsp1 | alt_agg2 | integer | a | regress_alter_user2
alt_nsp1 | alt_agg3 | integer | a | regress_alter_user1
alt_nsp1 | alt_agg4 | integer | a | regress_alter_user2
alt_nsp1 | alt_func2 | integer | f | regress_alter_user2
alt_nsp1 | alt_func3 | integer | f | regress_alter_user1
alt_nsp1 | alt_func4 | integer | f | regress_alter_user2
alt_nsp2 | alt_agg2 | integer | a | regress_alter_user3
alt_nsp2 | alt_func2 | integer | f | regress_alter_user3
nspname | proname | prorettype | prokind | rolname
----------+-----------+------------+---------+-----------------------------
alt_nsp1 | alt_agg2 | integer | a | regress_alter_generic_user2
alt_nsp1 | alt_agg3 | integer | a | regress_alter_generic_user1
alt_nsp1 | alt_agg4 | integer | a | regress_alter_generic_user2
alt_nsp1 | alt_func2 | integer | f | regress_alter_generic_user2
alt_nsp1 | alt_func3 | integer | f | regress_alter_generic_user1
alt_nsp1 | alt_func4 | integer | f | regress_alter_generic_user2
alt_nsp2 | alt_agg2 | integer | a | regress_alter_generic_user3
alt_nsp2 | alt_func2 | integer | f | regress_alter_generic_user3
(8 rows)
--
......@@ -107,26 +107,26 @@ SELECT n.nspname, proname, prorettype::regtype, prokind, a.rolname
--
-- Conversion
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv1 RENAME TO alt_conv2; -- failed (name conflict)
ERROR: conversion "alt_conv2" already exists in schema "alt_nsp1"
ALTER CONVERSION alt_conv1 RENAME TO alt_conv3; -- OK
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- OK
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- OK
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv3 RENAME TO alt_conv4; -- failed (not owner)
ERROR: must be owner of conversion alt_conv3
ALTER CONVERSION alt_conv1 RENAME TO alt_conv4; -- OK
ALTER CONVERSION alt_conv3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER CONVERSION alt_conv3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of conversion alt_conv3
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER CONVERSION alt_conv3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of conversion alt_conv3
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -137,12 +137,12 @@ SELECT n.nspname, c.conname, a.rolname
WHERE c.connamespace = n.oid AND c.conowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, conname;
nspname | conname | rolname
----------+-----------+---------------------
alt_nsp1 | alt_conv2 | regress_alter_user2
alt_nsp1 | alt_conv3 | regress_alter_user1
alt_nsp1 | alt_conv4 | regress_alter_user2
alt_nsp2 | alt_conv2 | regress_alter_user3
nspname | conname | rolname
----------+-----------+-----------------------------
alt_nsp1 | alt_conv2 | regress_alter_generic_user2
alt_nsp1 | alt_conv3 | regress_alter_generic_user1
alt_nsp1 | alt_conv4 | regress_alter_generic_user2
alt_nsp2 | alt_conv2 | regress_alter_generic_user3
(4 rows)
--
......@@ -177,46 +177,46 @@ SELECT srvname FROM pg_foreign_server WHERE srvname like 'alt_fserv%';
--
CREATE LANGUAGE alt_lang1 HANDLER plpgsql_call_handler;
CREATE LANGUAGE alt_lang2 HANDLER plpgsql_call_handler;
ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_user1; -- OK
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user2; -- OK
SET SESSION AUTHORIZATION regress_alter_user1;
ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_generic_user1; -- OK
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user2; -- OK
SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang2; -- failed (name conflict)
ERROR: language "alt_lang2" already exists
ALTER LANGUAGE alt_lang2 RENAME TO alt_lang3; -- failed (not owner)
ERROR: must be owner of language alt_lang2
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang3; -- OK
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user3; -- failed (not owner)
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user3; -- failed (not owner)
ERROR: must be owner of language alt_lang2
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user3; -- OK
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user3; -- OK
RESET SESSION AUTHORIZATION;
SELECT lanname, a.rolname
FROM pg_language l, pg_authid a
WHERE l.lanowner = a.oid AND l.lanname like 'alt_lang%'
ORDER BY lanname;
lanname | rolname
-----------+---------------------
alt_lang2 | regress_alter_user2
alt_lang3 | regress_alter_user3
lanname | rolname
-----------+-----------------------------
alt_lang2 | regress_alter_generic_user2
alt_lang3 | regress_alter_generic_user3
(2 rows)
--
-- Operator
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
CREATE OPERATOR @+@ ( leftarg = int4, rightarg = int4, procedure = int4pl );
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user3; -- OK
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (not owner)
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of operator @+@
ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER OPERATOR @+@(int4, int4) SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of operator @+@
-- can't test this: the error message includes the raw oid of namespace
......@@ -228,11 +228,11 @@ SELECT n.nspname, oprname, a.rolname,
WHERE o.oprnamespace = n.oid AND o.oprowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, oprname;
nspname | oprname | rolname | oprleft | oprright | oprcode
----------+---------+---------------------+---------+----------+---------
alt_nsp1 | @+@ | regress_alter_user3 | integer | integer | int4pl
alt_nsp1 | @-@ | regress_alter_user2 | integer | integer | int4mi
alt_nsp2 | @-@ | regress_alter_user1 | integer | integer | int4mi
nspname | oprname | rolname | oprleft | oprright | oprcode
----------+---------+-----------------------------+---------+----------+---------
alt_nsp1 | @+@ | regress_alter_generic_user3 | integer | integer | int4pl
alt_nsp1 | @-@ | regress_alter_generic_user2 | integer | integer | int4mi
alt_nsp2 | @-@ | regress_alter_generic_user1 | integer | integer | int4mi
(3 rows)
--
......@@ -240,44 +240,44 @@ SELECT n.nspname, oprname, a.rolname,
--
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user1;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user1;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user1;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user1;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE uuid USING hash AS STORAGE uuid;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE uuid USING hash AS STORAGE uuid;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user1;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_user1;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user1;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf2; -- failed (name conflict)
ERROR: operator family "alt_opf2" for access method "hash" already exists in schema "alt_nsp1"
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- OK
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc2; -- failed (name conflict)
ERROR: operator class "alt_opc2" for access method "hash" already exists in schema "alt_nsp1"
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- OK
RESET SESSION AUTHORIZATION;
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user2;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user2;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE macaddr USING hash AS STORAGE macaddr;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE macaddr USING hash AS STORAGE macaddr;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user2;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_user2;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user2;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
ALTER OPERATOR FAMILY alt_opf3 USING hash RENAME TO alt_opf4; -- failed (not owner)
ERROR: must be owner of operator family alt_opf3
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf4; -- OK
ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of operator family alt_opf3
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER OPERATOR FAMILY alt_opf3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of operator family alt_opf3
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -285,10 +285,10 @@ ERROR: operator family "alt_opf2" for access method "hash" already exists in sc
ALTER OPERATOR CLASS alt_opc3 USING hash RENAME TO alt_opc4; -- failed (not owner)
ERROR: must be owner of operator class alt_opc3
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc4; -- OK
ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of operator class alt_opc3
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER OPERATOR CLASS alt_opc3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of operator class alt_opc3
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -300,12 +300,12 @@ SELECT nspname, opfname, amname, rolname
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
AND NOT opfname LIKE 'alt_opc%'
ORDER BY nspname, opfname;
nspname | opfname | amname | rolname
----------+----------+--------+---------------------
alt_nsp1 | alt_opf2 | hash | regress_alter_user2
alt_nsp1 | alt_opf3 | hash | regress_alter_user1
alt_nsp1 | alt_opf4 | hash | regress_alter_user2
alt_nsp2 | alt_opf2 | hash | regress_alter_user3
nspname | opfname | amname | rolname
----------+----------+--------+-----------------------------
alt_nsp1 | alt_opf2 | hash | regress_alter_generic_user2
alt_nsp1 | alt_opf3 | hash | regress_alter_generic_user1
alt_nsp1 | alt_opf4 | hash | regress_alter_generic_user2
alt_nsp2 | alt_opf2 | hash | regress_alter_generic_user3
(4 rows)
SELECT nspname, opcname, amname, rolname
......@@ -313,12 +313,12 @@ SELECT nspname, opcname, amname, rolname
WHERE o.opcmethod = m.oid AND o.opcnamespace = n.oid AND o.opcowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, opcname;
nspname | opcname | amname | rolname
----------+----------+--------+---------------------
alt_nsp1 | alt_opc2 | hash | regress_alter_user2
alt_nsp1 | alt_opc3 | hash | regress_alter_user1
alt_nsp1 | alt_opc4 | hash | regress_alter_user2
alt_nsp2 | alt_opc2 | hash | regress_alter_user3
nspname | opcname | amname | rolname
----------+----------+--------+-----------------------------
alt_nsp1 | alt_opc2 | hash | regress_alter_generic_user2
alt_nsp1 | alt_opc3 | hash | regress_alter_generic_user1
alt_nsp1 | alt_opc4 | hash | regress_alter_generic_user2
alt_nsp2 | alt_opc2 | hash | regress_alter_generic_user3
(4 rows)
-- ALTER OPERATOR FAMILY ... ADD/DROP
......@@ -362,9 +362,9 @@ ERROR: STORAGE cannot be specified in ALTER OPERATOR FAMILY
DROP OPERATOR FAMILY alt_opf4 USING btree;
-- Should fail. Need to be SUPERUSER to do ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
CREATE ROLE regress_alter_user5 NOSUPERUSER;
CREATE ROLE regress_alter_generic_user5 NOSUPERUSER;
CREATE OPERATOR FAMILY alt_opf5 USING btree;
SET ROLE regress_alter_user5;
SET ROLE regress_alter_generic_user5;
ALTER OPERATOR FAMILY alt_opf5 USING btree ADD OPERATOR 1 < (int4, int2), FUNCTION 1 btint42cmp(int4, int2);
ERROR: must be superuser to alter an operator family
RESET ROLE;
......@@ -374,11 +374,11 @@ ERROR: current transaction is aborted, commands ignored until end of transactio
ROLLBACK;
-- Should fail. Need rights to namespace for ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
CREATE ROLE regress_alter_user6;
CREATE ROLE regress_alter_generic_user6;
CREATE SCHEMA alt_nsp6;
REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_user6;
REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_generic_user6;
CREATE OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree;
SET ROLE regress_alter_user6;
SET ROLE regress_alter_generic_user6;
ALTER OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree ADD OPERATOR 1 < (int4, int2);
ERROR: permission denied for schema alt_nsp6
ROLLBACK;
......@@ -499,28 +499,28 @@ DROP OPERATOR FAMILY alt_opf18 USING btree;
--
-- Statistics
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TABLE alt_regress_1 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_1;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_1;
ALTER STATISTICS alt_stat1 RENAME TO alt_stat2; -- failed (name conflict)
ERROR: statistics object "alt_stat2" already exists in schema "alt_nsp1"
ALTER STATISTICS alt_stat1 RENAME TO alt_stat3; -- failed (name conflict)
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- OK
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- OK
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TABLE alt_regress_2 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_2;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_2;
ALTER STATISTICS alt_stat3 RENAME TO alt_stat4; -- failed (not owner)
ERROR: must be owner of statistics object alt_stat3
ALTER STATISTICS alt_stat1 RENAME TO alt_stat4; -- OK
ALTER STATISTICS alt_stat3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER STATISTICS alt_stat3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of statistics object alt_stat3
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER STATISTICS alt_stat3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of statistics object alt_stat3
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -531,37 +531,37 @@ SELECT nspname, stxname, rolname
WHERE s.stxnamespace = n.oid AND s.stxowner = a.oid
AND n.nspname in ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, stxname;
nspname | stxname | rolname
----------+-----------+---------------------
alt_nsp1 | alt_stat2 | regress_alter_user2
alt_nsp1 | alt_stat3 | regress_alter_user1
alt_nsp1 | alt_stat4 | regress_alter_user2
alt_nsp2 | alt_stat2 | regress_alter_user3
nspname | stxname | rolname
----------+-----------+-----------------------------
alt_nsp1 | alt_stat2 | regress_alter_generic_user2
alt_nsp1 | alt_stat3 | regress_alter_generic_user1
alt_nsp1 | alt_stat4 | regress_alter_generic_user2
alt_nsp2 | alt_stat2 | regress_alter_generic_user3
(4 rows)
--
-- Text Search Dictionary
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict2; -- failed (name conflict)
ERROR: text search dictionary "alt_ts_dict2" already exists in schema "alt_nsp1"
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 RENAME TO alt_ts_dict4; -- failed (not owner)
ERROR: must be owner of text search dictionary alt_ts_dict3
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict4; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of text search dictionary alt_ts_dict3
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of text search dictionary alt_ts_dict3
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -572,37 +572,37 @@ SELECT nspname, dictname, rolname
WHERE t.dictnamespace = n.oid AND t.dictowner = a.oid
AND n.nspname in ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, dictname;
nspname | dictname | rolname
----------+--------------+---------------------
alt_nsp1 | alt_ts_dict2 | regress_alter_user2
alt_nsp1 | alt_ts_dict3 | regress_alter_user1
alt_nsp1 | alt_ts_dict4 | regress_alter_user2
alt_nsp2 | alt_ts_dict2 | regress_alter_user3
nspname | dictname | rolname
----------+--------------+-----------------------------
alt_nsp1 | alt_ts_dict2 | regress_alter_generic_user2
alt_nsp1 | alt_ts_dict3 | regress_alter_generic_user1
alt_nsp1 | alt_ts_dict4 | regress_alter_generic_user2
alt_nsp2 | alt_ts_dict2 | regress_alter_generic_user3
(4 rows)
--
-- Text Search Configuration
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf2; -- failed (name conflict)
ERROR: text search configuration "alt_ts_conf2" already exists in schema "alt_nsp1"
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user2"
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user2"
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 RENAME TO alt_ts_conf4; -- failed (not owner)
ERROR: must be owner of text search configuration alt_ts_conf3
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf4; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of text search configuration alt_ts_conf3
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_user3"
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ERROR: must be member of role "regress_alter_generic_user3"
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of text search configuration alt_ts_conf3
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -613,12 +613,12 @@ SELECT nspname, cfgname, rolname
WHERE t.cfgnamespace = n.oid AND t.cfgowner = a.oid
AND n.nspname in ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, cfgname;
nspname | cfgname | rolname
----------+--------------+---------------------
alt_nsp1 | alt_ts_conf2 | regress_alter_user2
alt_nsp1 | alt_ts_conf3 | regress_alter_user1
alt_nsp1 | alt_ts_conf4 | regress_alter_user2
alt_nsp2 | alt_ts_conf2 | regress_alter_user3
nspname | cfgname | rolname
----------+--------------+-----------------------------
alt_nsp1 | alt_ts_conf2 | regress_alter_generic_user2
alt_nsp1 | alt_ts_conf3 | regress_alter_generic_user1
alt_nsp1 | alt_ts_conf4 | regress_alter_generic_user2
alt_nsp2 | alt_ts_conf2 | regress_alter_generic_user3
(4 rows)
--
......@@ -690,6 +690,6 @@ DROP SCHEMA alt_nsp1 CASCADE;
NOTICE: drop cascades to 28 other objects
DROP SCHEMA alt_nsp2 CASCADE;
NOTICE: drop cascades to 9 other objects
DROP USER regress_alter_user1;
DROP USER regress_alter_user2;
DROP USER regress_alter_user3;
DROP USER regress_alter_generic_user1;
DROP USER regress_alter_generic_user2;
DROP USER regress_alter_generic_user3;
......@@ -3,9 +3,9 @@
--
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
DROP ROLE IF EXISTS regress_alter_user1;
DROP ROLE IF EXISTS regress_alter_table_user1;
RESET client_min_messages;
CREATE USER regress_alter_user1;
CREATE USER regress_alter_table_user1;
--
-- add attribute
--
......@@ -216,14 +216,14 @@ ALTER INDEX IF EXISTS __tmp_onek_unique1 RENAME TO onek_unique1;
NOTICE: relation "__tmp_onek_unique1" does not exist, skipping
ALTER INDEX onek_unique1 RENAME TO tmp_onek_unique1;
ALTER INDEX tmp_onek_unique1 RENAME TO onek_unique1;
SET ROLE regress_alter_user1;
SET ROLE regress_alter_table_user1;
ALTER INDEX onek_unique1 RENAME TO fail; -- permission denied
ERROR: must be owner of index onek_unique1
RESET ROLE;
-- renaming views
CREATE VIEW tmp_view (unique1) AS SELECT unique1 FROM tenk1;
ALTER TABLE tmp_view RENAME TO tmp_view_new;
SET ROLE regress_alter_user1;
SET ROLE regress_alter_table_user1;
ALTER VIEW tmp_view_new RENAME TO fail; -- permission denied
ERROR: must be owner of view tmp_view_new
RESET ROLE;
......@@ -3890,4 +3890,4 @@ ALTER TABLE tmp ALTER COLUMN i SET (n_distinct = 1, n_distinct_inherited = 2);
ALTER TABLE tmp ALTER COLUMN i RESET (n_distinct_inherited);
ANALYZE tmp;
DROP TABLE tmp;
DROP USER regress_alter_user1;
DROP USER regress_alter_table_user1;
......@@ -129,15 +129,15 @@ ERROR: testfunc1(integer) is not a procedure
DROP PROCEDURE nonexistent();
ERROR: procedure nonexistent() does not exist
-- privileges
CREATE USER regress_user1;
GRANT INSERT ON cp_test TO regress_user1;
CREATE USER regress_cp_user1;
GRANT INSERT ON cp_test TO regress_cp_user1;
REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC;
SET ROLE regress_user1;
SET ROLE regress_cp_user1;
CALL ptest1('a'); -- error
ERROR: permission denied for procedure ptest1
RESET ROLE;
GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1;
SET ROLE regress_user1;
GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_cp_user1;
SET ROLE regress_cp_user1;
CALL ptest1('a'); -- ok
RESET ROLE;
-- ROUTINE syntax
......@@ -150,4 +150,4 @@ DROP ROUTINE testfunc1(int);
DROP PROCEDURE ptest1;
DROP PROCEDURE ptest2;
DROP TABLE cp_test;
DROP USER regress_user1;
DROP USER regress_cp_user1;
......@@ -83,7 +83,7 @@ CREATE VIEW temp_view_test.v3_temp AS SELECT * FROM temp_table;
NOTICE: view "v3_temp" will be a temporary view
ERROR: cannot create temporary relation in non-temporary schema
-- should fail
CREATE SCHEMA test_schema
CREATE SCHEMA test_view_schema
CREATE TEMP VIEW testview AS SELECT 1;
ERROR: cannot create temporary relation in non-temporary schema
-- joins: if any of the join relations are temporary, the view
......
......@@ -360,10 +360,10 @@ ALTER TABLE itest7 ALTER COLUMN a SET GENERATED BY DEFAULT;
ALTER TABLE itest7 ALTER COLUMN a RESTART;
ALTER TABLE itest7 ALTER COLUMN a DROP IDENTITY;
-- privileges
CREATE USER regress_user1;
CREATE USER regress_identity_user1;
CREATE TABLE itest8 (a int GENERATED ALWAYS AS IDENTITY, b text);
GRANT SELECT, INSERT ON itest8 TO regress_user1;
SET ROLE regress_user1;
GRANT SELECT, INSERT ON itest8 TO regress_identity_user1;
SET ROLE regress_identity_user1;
INSERT INTO itest8 DEFAULT VALUES;
SELECT * FROM itest8;
a | b
......@@ -373,7 +373,7 @@ SELECT * FROM itest8;
RESET ROLE;
DROP TABLE itest8;
DROP USER regress_user1;
DROP USER regress_identity_user1;
-- typed tables (currently not supported)
CREATE TYPE itest_type AS (f1 integer, f2 text, f3 bigint);
CREATE TABLE itest12 OF itest_type (f1 WITH OPTIONS GENERATED ALWAYS AS IDENTITY); -- error
......
......@@ -619,16 +619,16 @@ select tableoid::regclass, * from mlparted_def;
-- appropriate key description (or none) in various situations
create table key_desc (a int, b int) partition by list ((a+0));
create table key_desc_1 partition of key_desc for values in (1) partition by range (b);
create user someone_else;
grant select (a) on key_desc_1 to someone_else;
grant insert on key_desc to someone_else;
set role someone_else;
create user regress_insert_other_user;
grant select (a) on key_desc_1 to regress_insert_other_user;
grant insert on key_desc to regress_insert_other_user;
set role regress_insert_other_user;
-- no key description is shown
insert into key_desc values (1, 1);
ERROR: no partition of relation "key_desc_1" found for row
reset role;
grant select (b) on key_desc_1 to someone_else;
set role someone_else;
grant select (b) on key_desc_1 to regress_insert_other_user;
set role regress_insert_other_user;
-- key description (b)=(1) is now shown
insert into key_desc values (1, 1);
ERROR: no partition of relation "key_desc_1" found for row
......@@ -637,9 +637,9 @@ DETAIL: Partition key of the failing row contains (b) = (1).
insert into key_desc values (2, 1);
ERROR: no partition of relation "key_desc" found for row
reset role;
revoke all on key_desc from someone_else;
revoke all on key_desc_1 from someone_else;
drop role someone_else;
revoke all on key_desc from regress_insert_other_user;
revoke all on key_desc_1 from regress_insert_other_user;
drop role regress_insert_other_user;
drop table key_desc, key_desc_1;
-- test minvalue/maxvalue restrictions
create table mcrparted (a int, b int, c int) partition by range (a, abs(b), c);
......
--
-- Regression tests for schemas (namespaces)
--
CREATE SCHEMA test_schema_1
CREATE SCHEMA test_ns_schema_1
CREATE UNIQUE INDEX abc_a_idx ON abc (a)
CREATE VIEW abc_view AS
SELECT a+1 AS a, b+1 AS b FROM abc
......@@ -11,16 +11,16 @@ CREATE SCHEMA test_schema_1
);
-- verify that the objects were created
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
(SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
count
-------
5
(1 row)
INSERT INTO test_schema_1.abc DEFAULT VALUES;
INSERT INTO test_schema_1.abc DEFAULT VALUES;
INSERT INTO test_schema_1.abc DEFAULT VALUES;
SELECT * FROM test_schema_1.abc;
INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
SELECT * FROM test_ns_schema_1.abc;
a | b
---+---
1 |
......@@ -28,7 +28,7 @@ SELECT * FROM test_schema_1.abc;
3 |
(3 rows)
SELECT * FROM test_schema_1.abc_view;
SELECT * FROM test_ns_schema_1.abc_view;
a | b
---+---
2 |
......@@ -36,20 +36,20 @@ SELECT * FROM test_schema_1.abc_view;
4 |
(3 rows)
ALTER SCHEMA test_schema_1 RENAME TO test_schema_renamed;
ALTER SCHEMA test_ns_schema_1 RENAME TO test_ns_schema_renamed;
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
(SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
count
-------
0
(1 row)
-- test IF NOT EXISTS cases
CREATE SCHEMA test_schema_renamed; -- fail, already exists
ERROR: schema "test_schema_renamed" already exists
CREATE SCHEMA IF NOT EXISTS test_schema_renamed; -- ok with notice
NOTICE: schema "test_schema_renamed" already exists, skipping
CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed
CREATE SCHEMA test_ns_schema_renamed; -- fail, already exists
ERROR: schema "test_ns_schema_renamed" already exists
CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed; -- ok with notice
NOTICE: schema "test_ns_schema_renamed" already exists, skipping
CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed -- fail, disallowed
CREATE TABLE abc (
a serial,
b int UNIQUE
......@@ -57,13 +57,13 @@ CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed
ERROR: CREATE SCHEMA IF NOT EXISTS cannot include schema elements
LINE 2: CREATE TABLE abc (
^
DROP SCHEMA test_schema_renamed CASCADE;
DROP SCHEMA test_ns_schema_renamed CASCADE;
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table test_schema_renamed.abc
drop cascades to view test_schema_renamed.abc_view
DETAIL: drop cascades to table test_ns_schema_renamed.abc
drop cascades to view test_ns_schema_renamed.abc_view
-- verify that the objects were dropped
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_renamed');
(SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_renamed');
count
-------
0
......
......@@ -4,14 +4,14 @@
-- Clean up in case a prior regression run failed
-- Suppress NOTICE messages when users/groups don't exist
SET client_min_messages TO 'warning';
DROP ROLE IF EXISTS regress_group1;
DROP ROLE IF EXISTS regress_group2;
DROP ROLE IF EXISTS regress_user1;
DROP ROLE IF EXISTS regress_user2;
DROP ROLE IF EXISTS regress_user3;
DROP ROLE IF EXISTS regress_user4;
DROP ROLE IF EXISTS regress_user5;
DROP ROLE IF EXISTS regress_user6;
DROP ROLE IF EXISTS regress_priv_group1;
DROP ROLE IF EXISTS regress_priv_group2;
DROP ROLE IF EXISTS regress_priv_user1;
DROP ROLE IF EXISTS regress_priv_user2;
DROP ROLE IF EXISTS regress_priv_user3;
DROP ROLE IF EXISTS regress_priv_user4;
DROP ROLE IF EXISTS regress_priv_user5;
DROP ROLE IF EXISTS regress_priv_user6;
SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
lo_unlink
-----------
......@@ -19,26 +19,26 @@ SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3
RESET client_min_messages;
-- test proper begins here
CREATE USER regress_user1;
CREATE USER regress_user2;
CREATE USER regress_user3;
CREATE USER regress_user4;
CREATE USER regress_user5;
CREATE USER regress_user5; -- duplicate
ERROR: role "regress_user5" already exists
CREATE GROUP regress_group1;
CREATE GROUP regress_group2 WITH USER regress_user1, regress_user2;
ALTER GROUP regress_group1 ADD USER regress_user4;
ALTER GROUP regress_group2 ADD USER regress_user2; -- duplicate
NOTICE: role "regress_user2" is already a member of role "regress_group2"
ALTER GROUP regress_group2 DROP USER regress_user2;
GRANT regress_group2 TO regress_user4 WITH ADMIN OPTION;
CREATE USER regress_priv_user1;
CREATE USER regress_priv_user2;
CREATE USER regress_priv_user3;
CREATE USER regress_priv_user4;
CREATE USER regress_priv_user5;
CREATE USER regress_priv_user5; -- duplicate
ERROR: role "regress_priv_user5" already exists
CREATE GROUP regress_priv_group1;
CREATE GROUP regress_priv_group2 WITH USER regress_priv_user1, regress_priv_user2;
ALTER GROUP regress_priv_group1 ADD USER regress_priv_user4;
ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2; -- duplicate
NOTICE: role "regress_priv_user2" is already a member of role "regress_priv_group2"
ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2;
GRANT regress_priv_group2 TO regress_priv_user4 WITH ADMIN OPTION;
-- test owner privileges
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT session_user, current_user;
session_user | current_user
---------------+---------------
regress_user1 | regress_user1
session_user | current_user
--------------------+--------------------
regress_priv_user1 | regress_priv_user1
(1 row)
CREATE TABLE atest1 ( a int, b text );
......@@ -60,23 +60,23 @@ SELECT * FROM atest1;
---+---
(0 rows)
GRANT ALL ON atest1 TO regress_user2;
GRANT SELECT ON atest1 TO regress_user3, regress_user4;
GRANT ALL ON atest1 TO regress_priv_user2;
GRANT SELECT ON atest1 TO regress_priv_user3, regress_priv_user4;
SELECT * FROM atest1;
a | b
---+---
(0 rows)
CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
GRANT SELECT ON atest2 TO regress_user2;
GRANT UPDATE ON atest2 TO regress_user3;
GRANT INSERT ON atest2 TO regress_user4;
GRANT TRUNCATE ON atest2 TO regress_user5;
SET SESSION AUTHORIZATION regress_user2;
GRANT SELECT ON atest2 TO regress_priv_user2;
GRANT UPDATE ON atest2 TO regress_priv_user3;
GRANT INSERT ON atest2 TO regress_priv_user4;
GRANT TRUNCATE ON atest2 TO regress_priv_user5;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT session_user, current_user;
session_user | current_user
---------------+---------------
regress_user2 | regress_user2
session_user | current_user
--------------------+--------------------
regress_priv_user2 | regress_priv_user2
(1 row)
-- try various combinations of queries on atest1 and atest2
......@@ -129,11 +129,11 @@ SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
------+------
(0 rows)
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
SELECT session_user, current_user;
session_user | current_user
---------------+---------------
regress_user3 | regress_user3
session_user | current_user
--------------------+--------------------
regress_priv_user3 | regress_priv_user3
(1 row)
SELECT * FROM atest1; -- ok
......@@ -175,7 +175,7 @@ SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
ERROR: permission denied for table atest2
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
ERROR: permission denied for table atest2
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
COPY atest2 FROM stdin; -- ok
SELECT * FROM atest1; -- ok
a | b
......@@ -185,8 +185,8 @@ SELECT * FROM atest1; -- ok
(2 rows)
-- test leaky-function protections in selfuncs
-- regress_user1 will own a table and provide a view for it.
SET SESSION AUTHORIZATION regress_user1;
-- regress_priv_user1 will own a table and provide a view for it.
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest12 as
SELECT x AS a, 10001 - x AS b FROM generate_series(1,10000) x;
CREATE INDEX ON atest12 (a);
......@@ -225,8 +225,8 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
Index Cond: (a = y.b)
(5 rows)
-- Check if regress_user2 can break security.
SET SESSION AUTHORIZATION regress_user2;
-- Check if regress_priv_user2 can break security.
SET SESSION AUTHORIZATION regress_priv_user2;
CREATE FUNCTION leak2(integer,integer) RETURNS boolean
AS $$begin raise notice 'leak % %', $1, $2; return $1 > $2; end$$
LANGUAGE plpgsql immutable;
......@@ -248,11 +248,11 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
Filter: (b <<< 5)
(7 rows)
-- Now regress_user1 grants sufficient access to regress_user2.
SET SESSION AUTHORIZATION regress_user1;
-- Now regress_priv_user1 grants sufficient access to regress_priv_user2.
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (a, b) ON atest12 TO PUBLIC;
SET SESSION AUTHORIZATION regress_user2;
-- Now regress_user2 will also get a good row estimate.
SET SESSION AUTHORIZATION regress_priv_user2;
-- Now regress_priv_user2 will also get a good row estimate.
EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
QUERY PLAN
-------------------------------------------------
......@@ -278,19 +278,19 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
Filter: (abs(a) <<< 5)
(6 rows)
-- clean up (regress_user1's objects are all dropped later)
-- clean up (regress_priv_user1's objects are all dropped later)
DROP FUNCTION leak2(integer, integer) CASCADE;
NOTICE: drop cascades to operator >>>(integer,integer)
-- groups
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
CREATE TABLE atest3 (one int, two int, three int);
GRANT DELETE ON atest3 TO GROUP regress_group2;
SET SESSION AUTHORIZATION regress_user1;
GRANT DELETE ON atest3 TO GROUP regress_priv_group2;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM atest3; -- fail
ERROR: permission denied for table atest3
DELETE FROM atest3; -- ok
-- views
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
/* The next *should* fail, but it's not implemented that way yet. */
CREATE VIEW atestv2 AS SELECT * FROM atest2;
......@@ -306,9 +306,9 @@ SELECT * FROM atestv1; -- ok
SELECT * FROM atestv2; -- fail
ERROR: permission denied for table atest2
GRANT SELECT ON atestv1, atestv3 TO regress_user4;
GRANT SELECT ON atestv2 TO regress_user2;
SET SESSION AUTHORIZATION regress_user4;
GRANT SELECT ON atestv1, atestv3 TO regress_priv_user4;
GRANT SELECT ON atestv2 TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atestv1; -- ok
a | b
---+-----
......@@ -346,12 +346,12 @@ SELECT * FROM atestv4; -- ok
-----+-----+-------
(0 rows)
GRANT SELECT ON atestv4 TO regress_user2;
SET SESSION AUTHORIZATION regress_user2;
GRANT SELECT ON atestv4 TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
-- Two complex cases:
SELECT * FROM atestv3; -- fail
ERROR: permission denied for view atestv3
SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3)
SELECT * FROM atestv4; -- ok (even though regress_priv_user2 cannot access underlying atestv3)
one | two | three
-----+-----+-------
(0 rows)
......@@ -362,16 +362,16 @@ SELECT * FROM atest2; -- ok
bar | t
(1 row)
SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2)
SELECT * FROM atestv2; -- fail (even though regress_priv_user2 can access underlying atest2)
ERROR: permission denied for table atest2
-- Test column level permissions
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest5 (one int, two int unique, three int, four int unique);
CREATE TABLE atest6 (one int, two int, blue int);
GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_user4;
GRANT ALL (one) ON atest5 TO regress_user3;
GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user4;
GRANT ALL (one) ON atest5 TO regress_priv_user3;
INSERT INTO atest5 VALUES (1,2,3);
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest5; -- fail
ERROR: permission denied for table atest5
SELECT one FROM atest5; -- ok
......@@ -437,14 +437,14 @@ SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -
SELECT one, two FROM atest5; -- fail
ERROR: permission denied for table atest5
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT (one,two) ON atest6 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (one,two) ON atest6 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
ERROR: permission denied for table atest5
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT (two) ON atest5 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (two) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
one | two
-----+-----
......@@ -490,23 +490,23 @@ ERROR: permission denied for table atest5
-- Check that the columns in the inference require select privileges
INSERT INTO atest5(four) VALUES (4); -- fail
ERROR: permission denied for table atest5
SET SESSION AUTHORIZATION regress_user1;
GRANT INSERT (four) ON atest5 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT INSERT (four) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT)
ERROR: permission denied for table atest5
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT)
ERROR: permission denied for table atest5
INSERT INTO atest5(four) VALUES (4); -- ok
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT (four) ON atest5 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (four) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- ok
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- ok
SET SESSION AUTHORIZATION regress_user1;
REVOKE ALL (one) ON atest5 FROM regress_user4;
GRANT SELECT (one,two,blue) ON atest6 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
REVOKE ALL (one) ON atest5 FROM regress_priv_user4;
GRANT SELECT (one,two,blue) ON atest6 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one FROM atest5; -- fail
ERROR: permission denied for table atest5
UPDATE atest5 SET one = 1; -- fail
......@@ -518,18 +518,18 @@ SELECT atest6 FROM atest6; -- ok
COPY atest6 TO stdout; -- ok
-- check error reporting with column privs
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE t1 (c1 int, c2 int, c3 int check (c3 < 5), primary key (c1, c2));
GRANT SELECT (c1) ON t1 TO regress_user2;
GRANT INSERT (c1, c2, c3) ON t1 TO regress_user2;
GRANT UPDATE (c1, c2, c3) ON t1 TO regress_user2;
GRANT SELECT (c1) ON t1 TO regress_priv_user2;
GRANT INSERT (c1, c2, c3) ON t1 TO regress_priv_user2;
GRANT UPDATE (c1, c2, c3) ON t1 TO regress_priv_user2;
-- seed data
INSERT INTO t1 VALUES (1, 1, 1);
INSERT INTO t1 VALUES (1, 2, 1);
INSERT INTO t1 VALUES (2, 1, 2);
INSERT INTO t1 VALUES (2, 2, 2);
INSERT INTO t1 VALUES (3, 1, 3);
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
INSERT INTO t1 (c1, c2) VALUES (1, 1); -- fail, but row not shown
ERROR: duplicate key value violates unique constraint "t1_pkey"
UPDATE t1 SET c2 = 1; -- fail, but row not shown
......@@ -546,23 +546,23 @@ DETAIL: Failing row contains (c1) = (5).
UPDATE t1 SET c3 = 10; -- fail, but see columns with SELECT rights, or being modified
ERROR: new row for relation "t1" violates check constraint "t1_c3_check"
DETAIL: Failing row contains (c1, c3) = (1, 10).
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
DROP TABLE t1;
-- test column-level privileges when involved with DELETE
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 ADD COLUMN three integer;
GRANT DELETE ON atest5 TO regress_user3;
GRANT SELECT (two) ON atest5 TO regress_user3;
REVOKE ALL (one) ON atest5 FROM regress_user3;
GRANT SELECT (one) ON atest5 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
GRANT DELETE ON atest5 TO regress_priv_user3;
GRANT SELECT (two) ON atest5 TO regress_priv_user3;
REVOKE ALL (one) ON atest5 FROM regress_priv_user3;
GRANT SELECT (one) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- fail
ERROR: permission denied for table atest6
SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
ERROR: permission denied for table atest5
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN three;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- ok
atest6
--------
......@@ -573,26 +573,26 @@ SELECT one FROM atest5 NATURAL JOIN atest6; -- ok
-----
(0 rows)
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN two;
REVOKE SELECT (one,blue) ON atest6 FROM regress_user4;
SET SESSION AUTHORIZATION regress_user4;
REVOKE SELECT (one,blue) ON atest6 FROM regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest6; -- fail
ERROR: permission denied for table atest6
SELECT 1 FROM atest6; -- fail
ERROR: permission denied for table atest6
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
DELETE FROM atest5 WHERE one = 1; -- fail
ERROR: permission denied for table atest5
DELETE FROM atest5 WHERE two = 2; -- ok
-- check inheritance cases
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atestp1 (f1 int, f2 int) WITH OIDS;
CREATE TABLE atestp2 (fx int, fy int) WITH OIDS;
CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2);
GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_user2;
GRANT SELECT(fx) ON atestc TO regress_user2;
SET SESSION AUTHORIZATION regress_user2;
GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_priv_user2;
GRANT SELECT(fx) ON atestc TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- ok
fx
----
......@@ -615,9 +615,9 @@ SELECT oid FROM atestp2; -- ok
SELECT fy FROM atestc; -- fail
ERROR: permission denied for table atestc
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT(fy,oid) ON atestc TO regress_user2;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT(fy,oid) ON atestc TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- still ok
fx
----
......@@ -642,39 +642,39 @@ SELECT oid FROM atestp2; -- ok
-- switch to superuser
\c -
REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC;
GRANT USAGE ON LANGUAGE sql TO regress_user1; -- ok
GRANT USAGE ON LANGUAGE sql TO regress_priv_user1; -- ok
GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail
ERROR: language "c" is not trusted
DETAIL: GRANT and REVOKE are not allowed on untrusted languages, because only superusers can use untrusted languages.
SET SESSION AUTHORIZATION regress_user1;
GRANT USAGE ON LANGUAGE sql TO regress_user2; -- fail
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT USAGE ON LANGUAGE sql TO regress_priv_user2; -- fail
WARNING: no privileges were granted for "sql"
CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql;
CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testagg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testproc1(int) AS 'select $1;' LANGUAGE sql;
REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_user2;
GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_priv_user2;
REVOKE ALL ON FUNCTION testproc1(int) FROM PUBLIC; -- fail, not a function
ERROR: testproc1(integer) is not a function
REVOKE ALL ON PROCEDURE testproc1(int) FROM PUBLIC;
GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_user2;
GRANT USAGE ON FUNCTION testfunc1(int) TO regress_user3; -- semantic error
GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_priv_user2;
GRANT USAGE ON FUNCTION testfunc1(int) TO regress_priv_user3; -- semantic error
ERROR: invalid privilege type USAGE for function
GRANT USAGE ON FUNCTION testagg1(int) TO regress_user3; -- semantic error
GRANT USAGE ON FUNCTION testagg1(int) TO regress_priv_user3; -- semantic error
ERROR: invalid privilege type USAGE for function
GRANT USAGE ON PROCEDURE testproc1(int) TO regress_user3; -- semantic error
GRANT USAGE ON PROCEDURE testproc1(int) TO regress_priv_user3; -- semantic error
ERROR: invalid privilege type USAGE for procedure
GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_user4;
GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_user4;
GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_priv_user4;
GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_priv_user4;
ERROR: function testfunc_nosuch(integer) does not exist
GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_user4;
GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_user4;
GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_priv_user4;
GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_priv_user4;
CREATE FUNCTION testfunc4(boolean) RETURNS text
AS 'select col1 from atest2 where col2 = $1;'
LANGUAGE sql SECURITY DEFINER;
GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_user3;
SET SESSION AUTHORIZATION regress_user2;
GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_priv_user3;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT testfunc1(5), testfunc2(5); -- ok
testfunc1 | testfunc2
-----------+-----------
......@@ -690,7 +690,7 @@ SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok
(1 row)
CALL testproc1(6); -- ok
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
SELECT testfunc1(5); -- fail
ERROR: permission denied for function testfunc1
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail
......@@ -705,7 +705,7 @@ SELECT testfunc4(true); -- ok
bar
(1 row)
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT testfunc1(5); -- ok
testfunc1
-----------
......@@ -744,7 +744,7 @@ SELECT '{1}'::int4[]::int8[]; --superuser, suceed
{1}
(1 row)
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT '{1}'::int4[]::int8[]; --other user, fail
ERROR: permission denied for function int8
ROLLBACK;
......@@ -753,17 +753,17 @@ ROLLBACK;
\c -
CREATE TYPE testtype1 AS (a int, b text);
REVOKE USAGE ON TYPE testtype1 FROM PUBLIC;
GRANT USAGE ON TYPE testtype1 TO regress_user2;
GRANT USAGE ON TYPE _testtype1 TO regress_user2; -- fail
GRANT USAGE ON TYPE testtype1 TO regress_priv_user2;
GRANT USAGE ON TYPE _testtype1 TO regress_priv_user2; -- fail
ERROR: cannot set privileges of array types
HINT: Set the privileges of the element type instead.
GRANT USAGE ON DOMAIN testtype1 TO regress_user2; -- fail
GRANT USAGE ON DOMAIN testtype1 TO regress_priv_user2; -- fail
ERROR: "testtype1" is not a domain
CREATE DOMAIN testdomain1 AS int;
REVOKE USAGE on DOMAIN testdomain1 FROM PUBLIC;
GRANT USAGE ON DOMAIN testdomain1 TO regress_user2;
GRANT USAGE ON TYPE testdomain1 TO regress_user2; -- ok
SET SESSION AUTHORIZATION regress_user1;
GRANT USAGE ON DOMAIN testdomain1 TO regress_priv_user2;
GRANT USAGE ON TYPE testdomain1 TO regress_priv_user2; -- ok
SET SESSION AUTHORIZATION regress_priv_user1;
-- commands that should fail
CREATE AGGREGATE testagg1a(testdomain1) (sfunc = int4_sum, stype = bigint);
ERROR: permission denied for type testdomain1
......@@ -803,7 +803,7 @@ CREATE TABLE test11a AS (SELECT 1::testdomain1 AS a);
ERROR: permission denied for type testdomain1
REVOKE ALL ON TYPE testtype1 FROM PUBLIC;
ERROR: permission denied for type testtype1
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
-- commands that should succeed
CREATE AGGREGATE testagg1b(testdomain1) (sfunc = int4_sum, stype = bigint);
CREATE DOMAIN testdomain2b AS testdomain1;
......@@ -846,7 +846,7 @@ DROP TABLE test11b;
DROP TYPE testtype1; -- ok
DROP DOMAIN testdomain1; -- ok
-- truncate
SET SESSION AUTHORIZATION regress_user5;
SET SESSION AUTHORIZATION regress_priv_user5;
TRUNCATE atest2; -- ok
TRUNCATE atest3; -- fail
ERROR: permission denied for table atest3
......@@ -969,7 +969,7 @@ from (select oid from pg_class where relname = 'pg_authid') as t1;
(1 row)
-- non-superuser
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
select has_table_privilege(current_user,'pg_class','select');
has_table_privilege
---------------------
......@@ -1133,93 +1133,93 @@ from (select oid from pg_class where relname = 'atest1') as t1;
(1 row)
-- Grant options
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest4 (a int);
GRANT SELECT ON atest4 TO regress_user2 WITH GRANT OPTION;
GRANT UPDATE ON atest4 TO regress_user2;
GRANT SELECT ON atest4 TO GROUP regress_group1 WITH GRANT OPTION;
SET SESSION AUTHORIZATION regress_user2;
GRANT SELECT ON atest4 TO regress_user3;
GRANT UPDATE ON atest4 TO regress_user3; -- fail
GRANT SELECT ON atest4 TO regress_priv_user2 WITH GRANT OPTION;
GRANT UPDATE ON atest4 TO regress_priv_user2;
GRANT SELECT ON atest4 TO GROUP regress_priv_group1 WITH GRANT OPTION;
SET SESSION AUTHORIZATION regress_priv_user2;
GRANT SELECT ON atest4 TO regress_priv_user3;
GRANT UPDATE ON atest4 TO regress_priv_user3; -- fail
WARNING: no privileges were granted for "atest4"
SET SESSION AUTHORIZATION regress_user1;
REVOKE SELECT ON atest4 FROM regress_user3; -- does nothing
SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- true
SET SESSION AUTHORIZATION regress_priv_user1;
REVOKE SELECT ON atest4 FROM regress_priv_user3; -- does nothing
SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
REVOKE SELECT ON atest4 FROM regress_user2; -- fail
REVOKE SELECT ON atest4 FROM regress_priv_user2; -- fail
ERROR: dependent privileges exist
HINT: Use CASCADE to revoke them too.
REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_user2 CASCADE; -- ok
SELECT has_table_privilege('regress_user2', 'atest4', 'SELECT'); -- true
REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_priv_user2 CASCADE; -- ok
SELECT has_table_privilege('regress_priv_user2', 'atest4', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- false
SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- false
has_table_privilege
---------------------
f
(1 row)
SELECT has_table_privilege('regress_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
has_table_privilege
---------------------
t
(1 row)
-- Admin options
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS
'GRANT regress_group2 TO regress_user5';
GRANT regress_group2 TO regress_user5; -- ok: had ADMIN OPTION
SET ROLE regress_group2;
GRANT regress_group2 TO regress_user5; -- fails: SET ROLE suspended privilege
ERROR: must have admin option on role "regress_group2"
SET SESSION AUTHORIZATION regress_user1;
GRANT regress_group2 TO regress_user5; -- fails: no ADMIN OPTION
ERROR: must have admin option on role "regress_group2"
'GRANT regress_priv_group2 TO regress_priv_user5';
GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION
SET ROLE regress_priv_group2;
GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege
ERROR: must have admin option on role "regress_priv_group2"
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION
ERROR: must have admin option on role "regress_priv_group2"
SELECT dogrant_ok(); -- ok: SECURITY DEFINER conveys ADMIN
NOTICE: role "regress_user5" is already a member of role "regress_group2"
NOTICE: role "regress_priv_user5" is already a member of role "regress_priv_group2"
dogrant_ok
------------
(1 row)
SET ROLE regress_group2;
GRANT regress_group2 TO regress_user5; -- fails: SET ROLE did not help
ERROR: must have admin option on role "regress_group2"
SET SESSION AUTHORIZATION regress_group2;
GRANT regress_group2 TO regress_user5; -- ok: a role can self-admin
NOTICE: role "regress_user5" is already a member of role "regress_group2"
SET ROLE regress_priv_group2;
GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help
ERROR: must have admin option on role "regress_priv_group2"
SET SESSION AUTHORIZATION regress_priv_group2;
GRANT regress_priv_group2 TO regress_priv_user5; -- ok: a role can self-admin
NOTICE: role "regress_priv_user5" is already a member of role "regress_priv_group2"
CREATE FUNCTION dogrant_fails() RETURNS void LANGUAGE sql SECURITY DEFINER AS
'GRANT regress_group2 TO regress_user5';
'GRANT regress_priv_group2 TO regress_priv_user5';
SELECT dogrant_fails(); -- fails: no self-admin in SECURITY DEFINER
ERROR: must have admin option on role "regress_group2"
ERROR: must have admin option on role "regress_priv_group2"
CONTEXT: SQL function "dogrant_fails" statement 1
DROP FUNCTION dogrant_fails();
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
DROP FUNCTION dogrant_ok();
REVOKE regress_group2 FROM regress_user5;
REVOKE regress_priv_group2 FROM regress_priv_user5;
-- has_sequence_privilege tests
\c -
CREATE SEQUENCE x_seq;
GRANT USAGE on x_seq to regress_user2;
SELECT has_sequence_privilege('regress_user1', 'atest1', 'SELECT');
GRANT USAGE on x_seq to regress_priv_user2;
SELECT has_sequence_privilege('regress_priv_user1', 'atest1', 'SELECT');
ERROR: "atest1" is not a sequence
SELECT has_sequence_privilege('regress_user1', 'x_seq', 'INSERT');
SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'INSERT');
ERROR: unrecognized privilege type: "INSERT"
SELECT has_sequence_privilege('regress_user1', 'x_seq', 'SELECT');
SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'SELECT');
has_sequence_privilege
------------------------
f
(1 row)
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT has_sequence_privilege('x_seq', 'USAGE');
has_sequence_privilege
------------------------
......@@ -1228,7 +1228,7 @@ SELECT has_sequence_privilege('x_seq', 'USAGE');
-- largeobject privilege tests
\c -
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT lo_create(1001);
lo_create
-----------
......@@ -1260,10 +1260,10 @@ SELECT lo_create(1005);
(1 row)
GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
GRANT SELECT ON LARGE OBJECT 1003 TO regress_user2;
GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_user2;
GRANT ALL ON LARGE OBJECT 1005 TO regress_user2;
GRANT SELECT ON LARGE OBJECT 1005 TO regress_user2 WITH GRANT OPTION;
GRANT SELECT ON LARGE OBJECT 1003 TO regress_priv_user2;
GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_priv_user2;
GRANT ALL ON LARGE OBJECT 1005 TO regress_priv_user2;
GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user2 WITH GRANT OPTION;
GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed
ERROR: invalid privilege type INSERT for large object
GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed
......@@ -1271,7 +1271,7 @@ ERROR: role "nosuchuser" does not exist
GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed
ERROR: large object 999 does not exist
\c -
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT lo_create(2001);
lo_create
-----------
......@@ -1328,11 +1328,11 @@ SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
4
(1 row)
GRANT SELECT ON LARGE OBJECT 1005 TO regress_user3;
GRANT UPDATE ON LARGE OBJECT 1006 TO regress_user3; -- to be denied
GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user3;
GRANT UPDATE ON LARGE OBJECT 1006 TO regress_priv_user3; -- to be denied
ERROR: large object 1006 does not exist
REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
GRANT ALL ON LARGE OBJECT 2001 TO regress_user3;
GRANT ALL ON LARGE OBJECT 2001 TO regress_priv_user3;
SELECT lo_unlink(1001); -- to be denied
ERROR: must be owner of large object 1001
SELECT lo_unlink(2002);
......@@ -1344,17 +1344,17 @@ SELECT lo_unlink(2002);
\c -
-- confirm ACL setting
SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
oid | ownername | lomacl
------+---------------+------------------------------------------------------------------------------------------------
1001 | regress_user1 | {regress_user1=rw/regress_user1,=rw/regress_user1}
1002 | regress_user1 |
1003 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=r/regress_user1}
1004 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=rw/regress_user1}
1005 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=r*w/regress_user1,regress_user3=r/regress_user2}
2001 | regress_user2 | {regress_user2=rw/regress_user2,regress_user3=rw/regress_user2}
oid | ownername | lomacl
------+--------------------+------------------------------------------------------------------------------------------------------------------------------
1001 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,=rw/regress_priv_user1}
1002 | regress_priv_user1 |
1003 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r/regress_priv_user1}
1004 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=rw/regress_priv_user1}
1005 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r*w/regress_priv_user1,regress_priv_user3=r/regress_priv_user2}
2001 | regress_priv_user2 | {regress_priv_user2=rw/regress_priv_user2,regress_priv_user3=rw/regress_priv_user2}
(6 rows)
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
SELECT loread(lo_open(1001, x'40000'::int), 32);
loread
------------
......@@ -1380,7 +1380,7 @@ SELECT lo_truncate(lo_open(2001, x'20000'::int), 10);
-- compatibility mode in largeobject permission
\c -
SET lo_compat_privileges = false; -- default setting
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
ERROR: permission denied for large object 1002
SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
......@@ -1399,7 +1399,7 @@ SELECT lo_import('/dev/null', 2003); -- to be denied
ERROR: permission denied for function lo_import
\c -
SET lo_compat_privileges = true; -- compatibility mode
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32);
loread
--------
......@@ -1433,34 +1433,34 @@ SELECT * FROM pg_largeobject LIMIT 0;
------+--------+------
(0 rows)
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM pg_largeobject LIMIT 0; -- to be denied
ERROR: permission denied for table pg_largeobject
-- test default ACLs
\c -
CREATE SCHEMA testns;
GRANT ALL ON SCHEMA testns TO regress_user1;
GRANT ALL ON SCHEMA testns TO regress_priv_user1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
has_table_privilege
---------------------
f
(1 row)
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
(1 row)
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
has_table_privilege
---------------------
f
(1 row)
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
......@@ -1468,124 +1468,124 @@ SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
has_table_privilege
---------------------
t
(1 row)
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
(1 row)
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_user1;
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
has_table_privilege
---------------------
t
(1 row)
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- yes
has_table_privilege
---------------------
t
(1 row)
ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_user1;
ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
has_table_privilege
---------------------
t
(1 row)
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
(1 row)
ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_user2; -- error
ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error
ERROR: cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS
ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_user2;
ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns2;
SELECT has_schema_privilege('regress_user2', 'testns2', 'USAGE'); -- yes
SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'USAGE'); -- yes
has_schema_privilege
----------------------
t
(1 row)
SELECT has_schema_privilege('regress_user2', 'testns2', 'CREATE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'CREATE'); -- no
has_schema_privilege
----------------------
f
(1 row)
ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_user2;
ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns3;
SELECT has_schema_privilege('regress_user2', 'testns3', 'USAGE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'USAGE'); -- no
has_schema_privilege
----------------------
f
(1 row)
SELECT has_schema_privilege('regress_user2', 'testns3', 'CREATE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'CREATE'); -- no
has_schema_privilege
----------------------
f
(1 row)
ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_user2;
ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns4;
SELECT has_schema_privilege('regress_user2', 'testns4', 'USAGE'); -- yes
SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'USAGE'); -- yes
has_schema_privilege
----------------------
t
(1 row)
SELECT has_schema_privilege('regress_user2', 'testns4', 'CREATE'); -- yes
SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes
has_schema_privilege
----------------------
t
(1 row)
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_user2;
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns5;
SELECT has_schema_privilege('regress_user2', 'testns5', 'USAGE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no
has_schema_privilege
----------------------
f
(1 row)
SELECT has_schema_privilege('regress_user2', 'testns5', 'CREATE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'CREATE'); -- no
has_schema_privilege
----------------------
f
(1 row)
SET ROLE regress_user1;
SET ROLE regress_priv_user1;
CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- no
has_function_privilege
------------------------
f
(1 row)
SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
has_function_privilege
------------------------
f
(1 row)
SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- no
has_function_privilege
------------------------
f
......@@ -1598,19 +1598,19 @@ DROP AGGREGATE testns.agg1(int);
CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
DROP PROCEDURE testns.bar();
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- yes
SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- yes
has_function_privilege
------------------------
t
(1 row)
SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
has_function_privilege
------------------------
t
(1 row)
SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
has_function_privilege
------------------------
t
......@@ -1619,9 +1619,9 @@ SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- ye
DROP FUNCTION testns.foo();
DROP AGGREGATE testns.agg1(int);
DROP PROCEDURE testns.bar();
ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE USAGE ON TYPES FROM public;
ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE USAGE ON TYPES FROM public;
CREATE DOMAIN testns.testdomain1 AS int;
SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no
SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- no
has_type_privilege
--------------------
f
......@@ -1630,7 +1630,7 @@ SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public;
DROP DOMAIN testns.testdomain1;
CREATE DOMAIN testns.testdomain1 AS int;
SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- yes
SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- yes
has_type_privilege
--------------------
t
......@@ -1664,33 +1664,33 @@ SELECT d.* -- check that entries went away
CREATE SCHEMA testns;
CREATE TABLE testns.t1 (f1 int);
CREATE TABLE testns.t2 (f1 int);
SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
has_table_privilege
---------------------
f
(1 row)
GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_user1;
SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- true
GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_priv_user1;
SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- true
SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_user1;
SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_priv_user1;
SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
has_table_privilege
---------------------
f
(1 row)
SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false
SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- false
has_table_privilege
---------------------
f
......@@ -1699,64 +1699,64 @@ SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false
CREATE FUNCTION testns.testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testns.testagg(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.testproc(int) AS 'select 3' LANGUAGE sql;
SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
has_function_privilege
------------------------
t
(1 row)
SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
has_function_privilege
------------------------
t
(1 row)
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
has_function_privilege
------------------------
t
(1 row)
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC;
SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
has_function_privilege
------------------------
f
(1 row)
SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
has_function_privilege
------------------------
f
(1 row)
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
has_function_privilege
------------------------
t
(1 row)
REVOKE ALL ON ALL PROCEDURES IN SCHEMA testns FROM PUBLIC;
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
has_function_privilege
------------------------
f
(1 row)
GRANT ALL ON ALL ROUTINES IN SCHEMA testns TO PUBLIC;
SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
has_function_privilege
------------------------
t
(1 row)
SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
has_function_privilege
------------------------
t
(1 row)
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
has_function_privilege
------------------------
t
......@@ -1796,53 +1796,53 @@ DROP ROLE regress_schemauser1;
DROP ROLE regress_schemauser_renamed;
-- test that dependent privileges are revoked (or not) properly
\c -
set session role regress_user1;
set session role regress_priv_user1;
create table dep_priv_test (a int);
grant select on dep_priv_test to regress_user2 with grant option;
grant select on dep_priv_test to regress_user3 with grant option;
set session role regress_user2;
grant select on dep_priv_test to regress_user4 with grant option;
set session role regress_user3;
grant select on dep_priv_test to regress_user4 with grant option;
set session role regress_user4;
grant select on dep_priv_test to regress_user5;
grant select on dep_priv_test to regress_priv_user2 with grant option;
grant select on dep_priv_test to regress_priv_user3 with grant option;
set session role regress_priv_user2;
grant select on dep_priv_test to regress_priv_user4 with grant option;
set session role regress_priv_user3;
grant select on dep_priv_test to regress_priv_user4 with grant option;
set session role regress_priv_user4;
grant select on dep_priv_test to regress_priv_user5;
\dp dep_priv_test
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------------+-------+-------------------------------------+-------------------+----------
public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| |
| | | regress_user2=r*/regress_user1 +| |
| | | regress_user3=r*/regress_user1 +| |
| | | regress_user4=r*/regress_user2 +| |
| | | regress_user4=r*/regress_user3 +| |
| | | regress_user5=r/regress_user4 | |
(1 row)
set session role regress_user2;
revoke select on dep_priv_test from regress_user4 cascade;
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------------+-------+-----------------------------------------------+-------------------+----------
public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| |
| | | regress_priv_user2=r*/regress_priv_user1 +| |
| | | regress_priv_user3=r*/regress_priv_user1 +| |
| | | regress_priv_user4=r*/regress_priv_user2 +| |
| | | regress_priv_user4=r*/regress_priv_user3 +| |
| | | regress_priv_user5=r/regress_priv_user4 | |
(1 row)
set session role regress_priv_user2;
revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------------+-------+-------------------------------------+-------------------+----------
public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| |
| | | regress_user2=r*/regress_user1 +| |
| | | regress_user3=r*/regress_user1 +| |
| | | regress_user4=r*/regress_user3 +| |
| | | regress_user5=r/regress_user4 | |
(1 row)
set session role regress_user3;
revoke select on dep_priv_test from regress_user4 cascade;
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------------+-------+-----------------------------------------------+-------------------+----------
public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| |
| | | regress_priv_user2=r*/regress_priv_user1 +| |
| | | regress_priv_user3=r*/regress_priv_user1 +| |
| | | regress_priv_user4=r*/regress_priv_user3 +| |
| | | regress_priv_user5=r/regress_priv_user4 | |
(1 row)
set session role regress_priv_user3;
revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------------+-------+-------------------------------------+-------------------+----------
public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| |
| | | regress_user2=r*/regress_user1 +| |
| | | regress_user3=r*/regress_user1 | |
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------------+-------+-----------------------------------------------+-------------------+----------
public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| |
| | | regress_priv_user2=r*/regress_priv_user1 +| |
| | | regress_priv_user3=r*/regress_priv_user1 | |
(1 row)
set session role regress_user1;
set session role regress_priv_user1;
drop table dep_priv_test;
-- clean up
\c
......@@ -1879,18 +1879,18 @@ SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3
1
(5 rows)
DROP GROUP regress_group1;
DROP GROUP regress_group2;
DROP GROUP regress_priv_group1;
DROP GROUP regress_priv_group2;
-- these are needed to clean up permissions
REVOKE USAGE ON LANGUAGE sql FROM regress_user1;
DROP OWNED BY regress_user1;
DROP USER regress_user1;
DROP USER regress_user2;
DROP USER regress_user3;
DROP USER regress_user4;
DROP USER regress_user5;
DROP USER regress_user6;
ERROR: role "regress_user6" does not exist
REVOKE USAGE ON LANGUAGE sql FROM regress_priv_user1;
DROP OWNED BY regress_priv_user1;
DROP USER regress_priv_user1;
DROP USER regress_priv_user2;
DROP USER regress_priv_user3;
DROP USER regress_priv_user4;
DROP USER regress_priv_user5;
DROP USER regress_priv_user6;
ERROR: role "regress_priv_user6" does not exist
-- permissions with LOCK TABLE
CREATE USER regress_locktable_user;
CREATE TABLE lock_table (a int);
......
......@@ -813,7 +813,7 @@ NOTICE: role "nonexistent" does not exist, skipping
GRANT regress_testrol0 TO pg_signal_backend; -- success
SET ROLE pg_signal_backend; --success
RESET ROLE;
CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success
CREATE SCHEMA test_roles_schema AUTHORIZATION pg_signal_backend; --success
SET ROLE regress_testrol2;
UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_';
SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_';
......@@ -946,7 +946,7 @@ SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_';
-- clean up
\c
DROP SCHEMA test_schema;
DROP SCHEMA test_roles_schema;
DROP OWNED BY regress_testrol0, "Public", "current_user", regress_testrol1, regress_testrol2, regress_testrolx CASCADE;
DROP ROLE regress_testrol0, regress_testrol1, regress_testrol2, regress_testrolx;
DROP ROLE "Public", "None", "current_user", "session_user", "user";
......@@ -5,15 +5,15 @@
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
DROP ROLE IF EXISTS regress_alter_user1;
DROP ROLE IF EXISTS regress_alter_user2;
DROP ROLE IF EXISTS regress_alter_user3;
DROP ROLE IF EXISTS regress_alter_generic_user1;
DROP ROLE IF EXISTS regress_alter_generic_user2;
DROP ROLE IF EXISTS regress_alter_generic_user3;
RESET client_min_messages;
CREATE USER regress_alter_user3;
CREATE USER regress_alter_user2;
CREATE USER regress_alter_user1 IN ROLE regress_alter_user3;
CREATE USER regress_alter_generic_user3;
CREATE USER regress_alter_generic_user2;
CREATE USER regress_alter_generic_user1 IN ROLE regress_alter_generic_user3;
CREATE SCHEMA alt_nsp1;
CREATE SCHEMA alt_nsp2;
......@@ -25,7 +25,7 @@ SET search_path = alt_nsp1, public;
--
-- Function and Aggregate
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 1';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
......@@ -37,23 +37,23 @@ CREATE AGGREGATE alt_agg2 (
sfunc1 = int4mi, basetype = int4, stype1 = int4, initcond = 0
);
ALTER AGGREGATE alt_func1(int) RENAME TO alt_func3; -- failed (not aggregate)
ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_user3; -- failed (not aggregate)
ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_generic_user3; -- failed (not aggregate)
ALTER AGGREGATE alt_func1(int) SET SCHEMA alt_nsp2; -- failed (not aggregate)
ALTER FUNCTION alt_func1(int) RENAME TO alt_func2; -- failed (name conflict)
ALTER FUNCTION alt_func1(int) RENAME TO alt_func3; -- OK
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- OK
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp1; -- OK, already there
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- OK
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg2; -- failed (name conflict)
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg3; -- OK
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- OK
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 2';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
......@@ -67,15 +67,15 @@ CREATE AGGREGATE alt_agg2 (
ALTER FUNCTION alt_func3(int) RENAME TO alt_func4; -- failed (not owner)
ALTER FUNCTION alt_func1(int) RENAME TO alt_func4; -- OK
ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_user2; -- failed (not owner)
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER FUNCTION alt_func3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- failed (name conflicts)
ALTER AGGREGATE alt_agg3(int) RENAME TO alt_agg4; -- failed (not owner)
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg4; -- OK
ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_user2; -- failed (not owner)
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER AGGREGATE alt_agg3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -95,24 +95,24 @@ SELECT n.nspname, proname, prorettype::regtype, prokind, a.rolname
--
-- Conversion
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv1 RENAME TO alt_conv2; -- failed (name conflict)
ALTER CONVERSION alt_conv1 RENAME TO alt_conv3; -- OK
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- OK
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- OK
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv3 RENAME TO alt_conv4; -- failed (not owner)
ALTER CONVERSION alt_conv1 RENAME TO alt_conv4; -- OK
ALTER CONVERSION alt_conv3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER CONVERSION alt_conv3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER CONVERSION alt_conv3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -148,17 +148,17 @@ SELECT srvname FROM pg_foreign_server WHERE srvname like 'alt_fserv%';
CREATE LANGUAGE alt_lang1 HANDLER plpgsql_call_handler;
CREATE LANGUAGE alt_lang2 HANDLER plpgsql_call_handler;
ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_user1; -- OK
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user2; -- OK
ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_generic_user1; -- OK
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user2; -- OK
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang2; -- failed (name conflict)
ALTER LANGUAGE alt_lang2 RENAME TO alt_lang3; -- failed (not owner)
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang3; -- OK
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user3; -- failed (not owner)
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user3; -- OK
ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user3; -- failed (not owner)
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user3; -- OK
RESET SESSION AUTHORIZATION;
SELECT lanname, a.rolname
......@@ -169,21 +169,21 @@ SELECT lanname, a.rolname
--
-- Operator
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
CREATE OPERATOR @+@ ( leftarg = int4, rightarg = int4, procedure = int4pl );
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user3; -- OK
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (not owner)
ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER OPERATOR @+@(int4, int4) SET SCHEMA alt_nsp2; -- failed (not owner)
-- can't test this: the error message includes the raw oid of namespace
-- ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -202,53 +202,53 @@ SELECT n.nspname, oprname, a.rolname,
--
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user1;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user1;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user1;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user1;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE uuid USING hash AS STORAGE uuid;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE uuid USING hash AS STORAGE uuid;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user1;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user1;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user1;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user1;
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf2; -- failed (name conflict)
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- OK
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc2; -- failed (name conflict)
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- OK
RESET SESSION AUTHORIZATION;
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user2;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2;
ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user2;
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE macaddr USING hash AS STORAGE macaddr;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE macaddr USING hash AS STORAGE macaddr;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user2;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2;
ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user2;
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2;
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
ALTER OPERATOR FAMILY alt_opf3 USING hash RENAME TO alt_opf4; -- failed (not owner)
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf4; -- OK
ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER OPERATOR FAMILY alt_opf3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
ALTER OPERATOR CLASS alt_opc3 USING hash RENAME TO alt_opc4; -- failed (not owner)
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc4; -- OK
ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER OPERATOR CLASS alt_opc3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -305,9 +305,9 @@ DROP OPERATOR FAMILY alt_opf4 USING btree;
-- Should fail. Need to be SUPERUSER to do ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
CREATE ROLE regress_alter_user5 NOSUPERUSER;
CREATE ROLE regress_alter_generic_user5 NOSUPERUSER;
CREATE OPERATOR FAMILY alt_opf5 USING btree;
SET ROLE regress_alter_user5;
SET ROLE regress_alter_generic_user5;
ALTER OPERATOR FAMILY alt_opf5 USING btree ADD OPERATOR 1 < (int4, int2), FUNCTION 1 btint42cmp(int4, int2);
RESET ROLE;
DROP OPERATOR FAMILY alt_opf5 USING btree;
......@@ -315,11 +315,11 @@ ROLLBACK;
-- Should fail. Need rights to namespace for ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
CREATE ROLE regress_alter_user6;
CREATE ROLE regress_alter_generic_user6;
CREATE SCHEMA alt_nsp6;
REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_user6;
REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_generic_user6;
CREATE OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree;
SET ROLE regress_alter_user6;
SET ROLE regress_alter_generic_user6;
ALTER OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree ADD OPERATOR 1 < (int4, int2);
ROLLBACK;
......@@ -436,26 +436,26 @@ DROP OPERATOR FAMILY alt_opf18 USING btree;
--
-- Statistics
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TABLE alt_regress_1 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_1;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_1;
ALTER STATISTICS alt_stat1 RENAME TO alt_stat2; -- failed (name conflict)
ALTER STATISTICS alt_stat1 RENAME TO alt_stat3; -- failed (name conflict)
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- OK
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- OK
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TABLE alt_regress_2 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_2;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_2;
ALTER STATISTICS alt_stat3 RENAME TO alt_stat4; -- failed (not owner)
ALTER STATISTICS alt_stat1 RENAME TO alt_stat4; -- OK
ALTER STATISTICS alt_stat3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER STATISTICS alt_stat3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER STATISTICS alt_stat3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -469,24 +469,24 @@ SELECT nspname, stxname, rolname
--
-- Text Search Dictionary
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict2; -- failed (name conflict)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 RENAME TO alt_ts_dict4; -- failed (not owner)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict4; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -501,24 +501,24 @@ SELECT nspname, dictname, rolname
--
-- Text Search Configuration
--
SET SESSION AUTHORIZATION regress_alter_user1;
SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf2; -- failed (name conflict)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user2; -- failed (no role membership)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- OK
SET SESSION AUTHORIZATION regress_alter_user2;
SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 RENAME TO alt_ts_conf4; -- failed (not owner)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf4; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_user2; -- failed (not owner)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- failed (no role membership)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- failed (name conflict)
......@@ -590,6 +590,6 @@ DROP LANGUAGE alt_lang3 CASCADE;
DROP SCHEMA alt_nsp1 CASCADE;
DROP SCHEMA alt_nsp2 CASCADE;
DROP USER regress_alter_user1;
DROP USER regress_alter_user2;
DROP USER regress_alter_user3;
DROP USER regress_alter_generic_user1;
DROP USER regress_alter_generic_user2;
DROP USER regress_alter_generic_user3;
......@@ -4,10 +4,10 @@
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
DROP ROLE IF EXISTS regress_alter_user1;
DROP ROLE IF EXISTS regress_alter_table_user1;
RESET client_min_messages;
CREATE USER regress_alter_user1;
CREATE USER regress_alter_table_user1;
--
-- add attribute
......@@ -220,7 +220,7 @@ ALTER INDEX IF EXISTS __tmp_onek_unique1 RENAME TO onek_unique1;
ALTER INDEX onek_unique1 RENAME TO tmp_onek_unique1;
ALTER INDEX tmp_onek_unique1 RENAME TO onek_unique1;
SET ROLE regress_alter_user1;
SET ROLE regress_alter_table_user1;
ALTER INDEX onek_unique1 RENAME TO fail; -- permission denied
RESET ROLE;
......@@ -228,7 +228,7 @@ RESET ROLE;
CREATE VIEW tmp_view (unique1) AS SELECT unique1 FROM tenk1;
ALTER TABLE tmp_view RENAME TO tmp_view_new;
SET ROLE regress_alter_user1;
SET ROLE regress_alter_table_user1;
ALTER VIEW tmp_view_new RENAME TO fail; -- permission denied
RESET ROLE;
......@@ -2564,4 +2564,4 @@ ALTER TABLE tmp ALTER COLUMN i RESET (n_distinct_inherited);
ANALYZE tmp;
DROP TABLE tmp;
DROP USER regress_alter_user1;
DROP USER regress_alter_table_user1;
......@@ -86,14 +86,14 @@ DROP PROCEDURE nonexistent();
-- privileges
CREATE USER regress_user1;
GRANT INSERT ON cp_test TO regress_user1;
CREATE USER regress_cp_user1;
GRANT INSERT ON cp_test TO regress_cp_user1;
REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC;
SET ROLE regress_user1;
SET ROLE regress_cp_user1;
CALL ptest1('a'); -- error
RESET ROLE;
GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1;
SET ROLE regress_user1;
GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_cp_user1;
SET ROLE regress_cp_user1;
CALL ptest1('a'); -- ok
RESET ROLE;
......@@ -116,4 +116,4 @@ DROP PROCEDURE ptest2;
DROP TABLE cp_test;
DROP USER regress_user1;
DROP USER regress_cp_user1;
......@@ -89,7 +89,7 @@ CREATE VIEW temp_view_test.v2 AS SELECT * FROM base_table;
-- should fail
CREATE VIEW temp_view_test.v3_temp AS SELECT * FROM temp_table;
-- should fail
CREATE SCHEMA test_schema
CREATE SCHEMA test_view_schema
CREATE TEMP VIEW testview AS SELECT 1;
-- joins: if any of the join relations are temporary, the view
......
......@@ -221,15 +221,15 @@ ALTER TABLE itest7 ALTER COLUMN a RESTART;
ALTER TABLE itest7 ALTER COLUMN a DROP IDENTITY;
-- privileges
CREATE USER regress_user1;
CREATE USER regress_identity_user1;
CREATE TABLE itest8 (a int GENERATED ALWAYS AS IDENTITY, b text);
GRANT SELECT, INSERT ON itest8 TO regress_user1;
SET ROLE regress_user1;
GRANT SELECT, INSERT ON itest8 TO regress_identity_user1;
SET ROLE regress_identity_user1;
INSERT INTO itest8 DEFAULT VALUES;
SELECT * FROM itest8;
RESET ROLE;
DROP TABLE itest8;
DROP USER regress_user1;
DROP USER regress_identity_user1;
-- typed tables (currently not supported)
......
......@@ -388,26 +388,26 @@ select tableoid::regclass, * from mlparted_def;
create table key_desc (a int, b int) partition by list ((a+0));
create table key_desc_1 partition of key_desc for values in (1) partition by range (b);
create user someone_else;
grant select (a) on key_desc_1 to someone_else;
grant insert on key_desc to someone_else;
create user regress_insert_other_user;
grant select (a) on key_desc_1 to regress_insert_other_user;
grant insert on key_desc to regress_insert_other_user;
set role someone_else;
set role regress_insert_other_user;
-- no key description is shown
insert into key_desc values (1, 1);
reset role;
grant select (b) on key_desc_1 to someone_else;
set role someone_else;
grant select (b) on key_desc_1 to regress_insert_other_user;
set role regress_insert_other_user;
-- key description (b)=(1) is now shown
insert into key_desc values (1, 1);
-- key description is not shown if key contains expression
insert into key_desc values (2, 1);
reset role;
revoke all on key_desc from someone_else;
revoke all on key_desc_1 from someone_else;
drop role someone_else;
revoke all on key_desc from regress_insert_other_user;
revoke all on key_desc_1 from regress_insert_other_user;
drop role regress_insert_other_user;
drop table key_desc, key_desc_1;
-- test minvalue/maxvalue restrictions
......
......@@ -2,7 +2,7 @@
-- Regression tests for schemas (namespaces)
--
CREATE SCHEMA test_schema_1
CREATE SCHEMA test_ns_schema_1
CREATE UNIQUE INDEX abc_a_idx ON abc (a)
CREATE VIEW abc_view AS
......@@ -15,30 +15,30 @@ CREATE SCHEMA test_schema_1
-- verify that the objects were created
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
(SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
INSERT INTO test_schema_1.abc DEFAULT VALUES;
INSERT INTO test_schema_1.abc DEFAULT VALUES;
INSERT INTO test_schema_1.abc DEFAULT VALUES;
INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
SELECT * FROM test_schema_1.abc;
SELECT * FROM test_schema_1.abc_view;
SELECT * FROM test_ns_schema_1.abc;
SELECT * FROM test_ns_schema_1.abc_view;
ALTER SCHEMA test_schema_1 RENAME TO test_schema_renamed;
ALTER SCHEMA test_ns_schema_1 RENAME TO test_ns_schema_renamed;
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
(SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
-- test IF NOT EXISTS cases
CREATE SCHEMA test_schema_renamed; -- fail, already exists
CREATE SCHEMA IF NOT EXISTS test_schema_renamed; -- ok with notice
CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed
CREATE SCHEMA test_ns_schema_renamed; -- fail, already exists
CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed; -- ok with notice
CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed -- fail, disallowed
CREATE TABLE abc (
a serial,
b int UNIQUE
);
DROP SCHEMA test_schema_renamed CASCADE;
DROP SCHEMA test_ns_schema_renamed CASCADE;
-- verify that the objects were dropped
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
(SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_renamed');
(SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_renamed');
......@@ -7,15 +7,15 @@
-- Suppress NOTICE messages when users/groups don't exist
SET client_min_messages TO 'warning';
DROP ROLE IF EXISTS regress_group1;
DROP ROLE IF EXISTS regress_group2;
DROP ROLE IF EXISTS regress_priv_group1;
DROP ROLE IF EXISTS regress_priv_group2;
DROP ROLE IF EXISTS regress_user1;
DROP ROLE IF EXISTS regress_user2;
DROP ROLE IF EXISTS regress_user3;
DROP ROLE IF EXISTS regress_user4;
DROP ROLE IF EXISTS regress_user5;
DROP ROLE IF EXISTS regress_user6;
DROP ROLE IF EXISTS regress_priv_user1;
DROP ROLE IF EXISTS regress_priv_user2;
DROP ROLE IF EXISTS regress_priv_user3;
DROP ROLE IF EXISTS regress_priv_user4;
DROP ROLE IF EXISTS regress_priv_user5;
DROP ROLE IF EXISTS regress_priv_user6;
SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
......@@ -23,25 +23,25 @@ RESET client_min_messages;
-- test proper begins here
CREATE USER regress_user1;
CREATE USER regress_user2;
CREATE USER regress_user3;
CREATE USER regress_user4;
CREATE USER regress_user5;
CREATE USER regress_user5; -- duplicate
CREATE USER regress_priv_user1;
CREATE USER regress_priv_user2;
CREATE USER regress_priv_user3;
CREATE USER regress_priv_user4;
CREATE USER regress_priv_user5;
CREATE USER regress_priv_user5; -- duplicate
CREATE GROUP regress_group1;
CREATE GROUP regress_group2 WITH USER regress_user1, regress_user2;
CREATE GROUP regress_priv_group1;
CREATE GROUP regress_priv_group2 WITH USER regress_priv_user1, regress_priv_user2;
ALTER GROUP regress_group1 ADD USER regress_user4;
ALTER GROUP regress_priv_group1 ADD USER regress_priv_user4;
ALTER GROUP regress_group2 ADD USER regress_user2; -- duplicate
ALTER GROUP regress_group2 DROP USER regress_user2;
GRANT regress_group2 TO regress_user4 WITH ADMIN OPTION;
ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2; -- duplicate
ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2;
GRANT regress_priv_group2 TO regress_priv_user4 WITH ADMIN OPTION;
-- test owner privileges
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT session_user, current_user;
CREATE TABLE atest1 ( a int, b text );
......@@ -57,18 +57,18 @@ COMMIT;
REVOKE ALL ON atest1 FROM PUBLIC;
SELECT * FROM atest1;
GRANT ALL ON atest1 TO regress_user2;
GRANT SELECT ON atest1 TO regress_user3, regress_user4;
GRANT ALL ON atest1 TO regress_priv_user2;
GRANT SELECT ON atest1 TO regress_priv_user3, regress_priv_user4;
SELECT * FROM atest1;
CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
GRANT SELECT ON atest2 TO regress_user2;
GRANT UPDATE ON atest2 TO regress_user3;
GRANT INSERT ON atest2 TO regress_user4;
GRANT TRUNCATE ON atest2 TO regress_user5;
GRANT SELECT ON atest2 TO regress_priv_user2;
GRANT UPDATE ON atest2 TO regress_priv_user3;
GRANT INSERT ON atest2 TO regress_priv_user4;
GRANT TRUNCATE ON atest2 TO regress_priv_user5;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT session_user, current_user;
-- try various combinations of queries on atest1 and atest2
......@@ -95,7 +95,7 @@ SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
SELECT session_user, current_user;
SELECT * FROM atest1; -- ok
......@@ -120,7 +120,7 @@ COPY atest2 FROM stdin; -- fail
SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
COPY atest2 FROM stdin; -- ok
bar true
\.
......@@ -129,8 +129,8 @@ SELECT * FROM atest1; -- ok
-- test leaky-function protections in selfuncs
-- regress_user1 will own a table and provide a view for it.
SET SESSION AUTHORIZATION regress_user1;
-- regress_priv_user1 will own a table and provide a view for it.
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest12 as
SELECT x AS a, 10001 - x AS b FROM generate_series(1,10000) x;
......@@ -156,8 +156,8 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
WHERE x.a = y.b and abs(y.a) <<< 5;
-- Check if regress_user2 can break security.
SET SESSION AUTHORIZATION regress_user2;
-- Check if regress_priv_user2 can break security.
SET SESSION AUTHORIZATION regress_priv_user2;
CREATE FUNCTION leak2(integer,integer) RETURNS boolean
AS $$begin raise notice 'leak % %', $1, $2; return $1 > $2; end$$
......@@ -171,12 +171,12 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12 WHERE a >>> 0;
-- This plan should use hashjoin, as it will expect many rows to be selected.
EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
-- Now regress_user1 grants sufficient access to regress_user2.
SET SESSION AUTHORIZATION regress_user1;
-- Now regress_priv_user1 grants sufficient access to regress_priv_user2.
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (a, b) ON atest12 TO PUBLIC;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
-- Now regress_user2 will also get a good row estimate.
-- Now regress_priv_user2 will also get a good row estimate.
EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
-- But not for this, due to lack of table-wide permissions needed
......@@ -184,17 +184,17 @@ EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
WHERE x.a = y.b and abs(y.a) <<< 5;
-- clean up (regress_user1's objects are all dropped later)
-- clean up (regress_priv_user1's objects are all dropped later)
DROP FUNCTION leak2(integer, integer) CASCADE;
-- groups
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
CREATE TABLE atest3 (one int, two int, three int);
GRANT DELETE ON atest3 TO GROUP regress_group2;
GRANT DELETE ON atest3 TO GROUP regress_priv_group2;
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM atest3; -- fail
DELETE FROM atest3; -- ok
......@@ -202,7 +202,7 @@ DELETE FROM atest3; -- ok
-- views
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
/* The next *should* fail, but it's not implemented that way yet. */
......@@ -213,10 +213,10 @@ CREATE VIEW atestv0 AS SELECT 0 as x WHERE false; -- ok
SELECT * FROM atestv1; -- ok
SELECT * FROM atestv2; -- fail
GRANT SELECT ON atestv1, atestv3 TO regress_user4;
GRANT SELECT ON atestv2 TO regress_user2;
GRANT SELECT ON atestv1, atestv3 TO regress_priv_user4;
GRANT SELECT ON atestv2 TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atestv1; -- ok
SELECT * FROM atestv2; -- fail
......@@ -240,29 +240,29 @@ reset constraint_exclusion;
CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view
SELECT * FROM atestv4; -- ok
GRANT SELECT ON atestv4 TO regress_user2;
GRANT SELECT ON atestv4 TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
-- Two complex cases:
SELECT * FROM atestv3; -- fail
SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3)
SELECT * FROM atestv4; -- ok (even though regress_priv_user2 cannot access underlying atestv3)
SELECT * FROM atest2; -- ok
SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2)
SELECT * FROM atestv2; -- fail (even though regress_priv_user2 can access underlying atest2)
-- Test column level permissions
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest5 (one int, two int unique, three int, four int unique);
CREATE TABLE atest6 (one int, two int, blue int);
GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_user4;
GRANT ALL (one) ON atest5 TO regress_user3;
GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user4;
GRANT ALL (one) ON atest5 TO regress_priv_user3;
INSERT INTO atest5 VALUES (1,2,3);
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest5; -- fail
SELECT one FROM atest5; -- ok
COPY atest5 (one) TO stdout; -- ok
......@@ -283,16 +283,16 @@ SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.two); -
SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok
SELECT one, two FROM atest5; -- fail
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT (one,two) ON atest6 TO regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (one,two) ON atest6 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT (two) ON atest5 TO regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (two) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
-- test column-level privileges for INSERT and UPDATE
......@@ -324,37 +324,37 @@ INSERT INTO atest5(three) VALUES (4) ON CONFLICT (two) DO UPDATE set three = 10;
-- Check that the columns in the inference require select privileges
INSERT INTO atest5(four) VALUES (4); -- fail
SET SESSION AUTHORIZATION regress_user1;
GRANT INSERT (four) ON atest5 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT INSERT (four) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT)
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT)
INSERT INTO atest5(four) VALUES (4); -- ok
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT (four) ON atest5 TO regress_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (four) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- ok
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- ok
SET SESSION AUTHORIZATION regress_user1;
REVOKE ALL (one) ON atest5 FROM regress_user4;
GRANT SELECT (one,two,blue) ON atest6 TO regress_user4;
SET SESSION AUTHORIZATION regress_priv_user1;
REVOKE ALL (one) ON atest5 FROM regress_priv_user4;
GRANT SELECT (one,two,blue) ON atest6 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one FROM atest5; -- fail
UPDATE atest5 SET one = 1; -- fail
SELECT atest6 FROM atest6; -- ok
COPY atest6 TO stdout; -- ok
-- check error reporting with column privs
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE t1 (c1 int, c2 int, c3 int check (c3 < 5), primary key (c1, c2));
GRANT SELECT (c1) ON t1 TO regress_user2;
GRANT INSERT (c1, c2, c3) ON t1 TO regress_user2;
GRANT UPDATE (c1, c2, c3) ON t1 TO regress_user2;
GRANT SELECT (c1) ON t1 TO regress_priv_user2;
GRANT INSERT (c1, c2, c3) ON t1 TO regress_priv_user2;
GRANT UPDATE (c1, c2, c3) ON t1 TO regress_priv_user2;
-- seed data
INSERT INTO t1 VALUES (1, 1, 1);
......@@ -363,7 +363,7 @@ INSERT INTO t1 VALUES (2, 1, 2);
INSERT INTO t1 VALUES (2, 2, 2);
INSERT INTO t1 VALUES (3, 1, 3);
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
INSERT INTO t1 (c1, c2) VALUES (1, 1); -- fail, but row not shown
UPDATE t1 SET c2 = 1; -- fail, but row not shown
INSERT INTO t1 (c1, c2) VALUES (null, null); -- fail, but see columns being inserted
......@@ -371,59 +371,59 @@ INSERT INTO t1 (c3) VALUES (null); -- fail, but see columns being inserted or ha
INSERT INTO t1 (c1) VALUES (5); -- fail, but see columns being inserted or have SELECT
UPDATE t1 SET c3 = 10; -- fail, but see columns with SELECT rights, or being modified
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
DROP TABLE t1;
-- test column-level privileges when involved with DELETE
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 ADD COLUMN three integer;
GRANT DELETE ON atest5 TO regress_user3;
GRANT SELECT (two) ON atest5 TO regress_user3;
REVOKE ALL (one) ON atest5 FROM regress_user3;
GRANT SELECT (one) ON atest5 TO regress_user4;
GRANT DELETE ON atest5 TO regress_priv_user3;
GRANT SELECT (two) ON atest5 TO regress_priv_user3;
REVOKE ALL (one) ON atest5 FROM regress_priv_user3;
GRANT SELECT (one) ON atest5 TO regress_priv_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- fail
SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN three;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- ok
SELECT one FROM atest5 NATURAL JOIN atest6; -- ok
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN two;
REVOKE SELECT (one,blue) ON atest6 FROM regress_user4;
REVOKE SELECT (one,blue) ON atest6 FROM regress_priv_user4;
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest6; -- fail
SELECT 1 FROM atest6; -- fail
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
DELETE FROM atest5 WHERE one = 1; -- fail
DELETE FROM atest5 WHERE two = 2; -- ok
-- check inheritance cases
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atestp1 (f1 int, f2 int) WITH OIDS;
CREATE TABLE atestp2 (fx int, fy int) WITH OIDS;
CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2);
GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_user2;
GRANT SELECT(fx) ON atestc TO regress_user2;
GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_priv_user2;
GRANT SELECT(fx) ON atestc TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- ok
SELECT fy FROM atestp2; -- ok
SELECT atestp2 FROM atestp2; -- ok
SELECT oid FROM atestp2; -- ok
SELECT fy FROM atestc; -- fail
SET SESSION AUTHORIZATION regress_user1;
GRANT SELECT(fy,oid) ON atestc TO regress_user2;
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT(fy,oid) ON atestc TO regress_priv_user2;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- still ok
SELECT fy FROM atestp2; -- ok
SELECT atestp2 FROM atestp2; -- ok
......@@ -435,48 +435,48 @@ SELECT oid FROM atestp2; -- ok
\c -
REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC;
GRANT USAGE ON LANGUAGE sql TO regress_user1; -- ok
GRANT USAGE ON LANGUAGE sql TO regress_priv_user1; -- ok
GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail
SET SESSION AUTHORIZATION regress_user1;
GRANT USAGE ON LANGUAGE sql TO regress_user2; -- fail
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT USAGE ON LANGUAGE sql TO regress_priv_user2; -- fail
CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql;
CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testagg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testproc1(int) AS 'select $1;' LANGUAGE sql;
REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_user2;
GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_priv_user2;
REVOKE ALL ON FUNCTION testproc1(int) FROM PUBLIC; -- fail, not a function
REVOKE ALL ON PROCEDURE testproc1(int) FROM PUBLIC;
GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_user2;
GRANT USAGE ON FUNCTION testfunc1(int) TO regress_user3; -- semantic error
GRANT USAGE ON FUNCTION testagg1(int) TO regress_user3; -- semantic error
GRANT USAGE ON PROCEDURE testproc1(int) TO regress_user3; -- semantic error
GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_user4;
GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_user4;
GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_user4;
GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_user4;
GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_priv_user2;
GRANT USAGE ON FUNCTION testfunc1(int) TO regress_priv_user3; -- semantic error
GRANT USAGE ON FUNCTION testagg1(int) TO regress_priv_user3; -- semantic error
GRANT USAGE ON PROCEDURE testproc1(int) TO regress_priv_user3; -- semantic error
GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_priv_user4;
GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_priv_user4;
GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_priv_user4;
GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_priv_user4;
CREATE FUNCTION testfunc4(boolean) RETURNS text
AS 'select col1 from atest2 where col2 = $1;'
LANGUAGE sql SECURITY DEFINER;
GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_user3;
GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_priv_user3;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT testfunc1(5), testfunc2(5); -- ok
CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok
CALL testproc1(6); -- ok
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
SELECT testfunc1(5); -- fail
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail
CALL testproc1(6); -- fail
SELECT col1 FROM atest2 WHERE col2 = true; -- fail
SELECT testfunc4(true); -- ok
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT testfunc1(5); -- ok
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok
CALL testproc1(6); -- ok
......@@ -496,7 +496,7 @@ BEGIN;
SELECT '{1}'::int4[]::int8[];
REVOKE ALL ON FUNCTION int8(integer) FROM PUBLIC;
SELECT '{1}'::int4[]::int8[]; --superuser, suceed
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT '{1}'::int4[]::int8[]; --other user, fail
ROLLBACK;
......@@ -507,16 +507,16 @@ ROLLBACK;
CREATE TYPE testtype1 AS (a int, b text);
REVOKE USAGE ON TYPE testtype1 FROM PUBLIC;
GRANT USAGE ON TYPE testtype1 TO regress_user2;
GRANT USAGE ON TYPE _testtype1 TO regress_user2; -- fail
GRANT USAGE ON DOMAIN testtype1 TO regress_user2; -- fail
GRANT USAGE ON TYPE testtype1 TO regress_priv_user2;
GRANT USAGE ON TYPE _testtype1 TO regress_priv_user2; -- fail
GRANT USAGE ON DOMAIN testtype1 TO regress_priv_user2; -- fail
CREATE DOMAIN testdomain1 AS int;
REVOKE USAGE on DOMAIN testdomain1 FROM PUBLIC;
GRANT USAGE ON DOMAIN testdomain1 TO regress_user2;
GRANT USAGE ON TYPE testdomain1 TO regress_user2; -- ok
GRANT USAGE ON DOMAIN testdomain1 TO regress_priv_user2;
GRANT USAGE ON TYPE testdomain1 TO regress_priv_user2; -- ok
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
-- commands that should fail
......@@ -553,7 +553,7 @@ CREATE TABLE test11a AS (SELECT 1::testdomain1 AS a);
REVOKE ALL ON TYPE testtype1 FROM PUBLIC;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
-- commands that should succeed
......@@ -610,7 +610,7 @@ DROP DOMAIN testdomain1; -- ok
-- truncate
SET SESSION AUTHORIZATION regress_user5;
SET SESSION AUTHORIZATION regress_priv_user5;
TRUNCATE atest2; -- ok
TRUNCATE atest3; -- fail
......@@ -659,7 +659,7 @@ select has_table_privilege(t1.oid,'trigger')
from (select oid from pg_class where relname = 'pg_authid') as t1;
-- non-superuser
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
select has_table_privilege(current_user,'pg_class','select');
select has_table_privilege(current_user,'pg_class','insert');
......@@ -718,56 +718,56 @@ from (select oid from pg_class where relname = 'atest1') as t1;
-- Grant options
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest4 (a int);
GRANT SELECT ON atest4 TO regress_user2 WITH GRANT OPTION;
GRANT UPDATE ON atest4 TO regress_user2;
GRANT SELECT ON atest4 TO GROUP regress_group1 WITH GRANT OPTION;
GRANT SELECT ON atest4 TO regress_priv_user2 WITH GRANT OPTION;
GRANT UPDATE ON atest4 TO regress_priv_user2;
GRANT SELECT ON atest4 TO GROUP regress_priv_group1 WITH GRANT OPTION;
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
GRANT SELECT ON atest4 TO regress_user3;
GRANT UPDATE ON atest4 TO regress_user3; -- fail
GRANT SELECT ON atest4 TO regress_priv_user3;
GRANT UPDATE ON atest4 TO regress_priv_user3; -- fail
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
REVOKE SELECT ON atest4 FROM regress_user3; -- does nothing
SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- true
REVOKE SELECT ON atest4 FROM regress_user2; -- fail
REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_user2 CASCADE; -- ok
SELECT has_table_privilege('regress_user2', 'atest4', 'SELECT'); -- true
SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- false
REVOKE SELECT ON atest4 FROM regress_priv_user3; -- does nothing
SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- true
REVOKE SELECT ON atest4 FROM regress_priv_user2; -- fail
REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_priv_user2 CASCADE; -- ok
SELECT has_table_privilege('regress_priv_user2', 'atest4', 'SELECT'); -- true
SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- false
SELECT has_table_privilege('regress_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
-- Admin options
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS
'GRANT regress_group2 TO regress_user5';
GRANT regress_group2 TO regress_user5; -- ok: had ADMIN OPTION
SET ROLE regress_group2;
GRANT regress_group2 TO regress_user5; -- fails: SET ROLE suspended privilege
'GRANT regress_priv_group2 TO regress_priv_user5';
GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION
SET ROLE regress_priv_group2;
GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege
SET SESSION AUTHORIZATION regress_user1;
GRANT regress_group2 TO regress_user5; -- fails: no ADMIN OPTION
SET SESSION AUTHORIZATION regress_priv_user1;
GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION
SELECT dogrant_ok(); -- ok: SECURITY DEFINER conveys ADMIN
SET ROLE regress_group2;
GRANT regress_group2 TO regress_user5; -- fails: SET ROLE did not help
SET ROLE regress_priv_group2;
GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help
SET SESSION AUTHORIZATION regress_group2;
GRANT regress_group2 TO regress_user5; -- ok: a role can self-admin
SET SESSION AUTHORIZATION regress_priv_group2;
GRANT regress_priv_group2 TO regress_priv_user5; -- ok: a role can self-admin
CREATE FUNCTION dogrant_fails() RETURNS void LANGUAGE sql SECURITY DEFINER AS
'GRANT regress_group2 TO regress_user5';
'GRANT regress_priv_group2 TO regress_priv_user5';
SELECT dogrant_fails(); -- fails: no self-admin in SECURITY DEFINER
DROP FUNCTION dogrant_fails();
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
DROP FUNCTION dogrant_ok();
REVOKE regress_group2 FROM regress_user5;
REVOKE regress_priv_group2 FROM regress_priv_user5;
-- has_sequence_privilege tests
......@@ -775,19 +775,19 @@ REVOKE regress_group2 FROM regress_user5;
CREATE SEQUENCE x_seq;
GRANT USAGE on x_seq to regress_user2;
GRANT USAGE on x_seq to regress_priv_user2;
SELECT has_sequence_privilege('regress_user1', 'atest1', 'SELECT');
SELECT has_sequence_privilege('regress_user1', 'x_seq', 'INSERT');
SELECT has_sequence_privilege('regress_user1', 'x_seq', 'SELECT');
SELECT has_sequence_privilege('regress_priv_user1', 'atest1', 'SELECT');
SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'INSERT');
SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'SELECT');
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT has_sequence_privilege('x_seq', 'USAGE');
-- largeobject privilege tests
\c -
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT lo_create(1001);
SELECT lo_create(1002);
......@@ -796,17 +796,17 @@ SELECT lo_create(1004);
SELECT lo_create(1005);
GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
GRANT SELECT ON LARGE OBJECT 1003 TO regress_user2;
GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_user2;
GRANT ALL ON LARGE OBJECT 1005 TO regress_user2;
GRANT SELECT ON LARGE OBJECT 1005 TO regress_user2 WITH GRANT OPTION;
GRANT SELECT ON LARGE OBJECT 1003 TO regress_priv_user2;
GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_priv_user2;
GRANT ALL ON LARGE OBJECT 1005 TO regress_priv_user2;
GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user2 WITH GRANT OPTION;
GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed
GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed
GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed
\c -
SET SESSION AUTHORIZATION regress_user2;
SET SESSION AUTHORIZATION regress_priv_user2;
SELECT lo_create(2001);
SELECT lo_create(2002);
......@@ -824,10 +824,10 @@ SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd'); -- to be denied
SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
GRANT SELECT ON LARGE OBJECT 1005 TO regress_user3;
GRANT UPDATE ON LARGE OBJECT 1006 TO regress_user3; -- to be denied
GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user3;
GRANT UPDATE ON LARGE OBJECT 1006 TO regress_priv_user3; -- to be denied
REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
GRANT ALL ON LARGE OBJECT 2001 TO regress_user3;
GRANT ALL ON LARGE OBJECT 2001 TO regress_priv_user3;
SELECT lo_unlink(1001); -- to be denied
SELECT lo_unlink(2002);
......@@ -836,7 +836,7 @@ SELECT lo_unlink(2002);
-- confirm ACL setting
SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
SET SESSION AUTHORIZATION regress_user3;
SET SESSION AUTHORIZATION regress_priv_user3;
SELECT loread(lo_open(1001, x'40000'::int), 32);
SELECT loread(lo_open(1003, x'40000'::int), 32); -- to be denied
......@@ -848,7 +848,7 @@ SELECT lo_truncate(lo_open(2001, x'20000'::int), 10);
-- compatibility mode in largeobject permission
\c -
SET lo_compat_privileges = false; -- default setting
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
......@@ -861,7 +861,7 @@ SELECT lo_import('/dev/null', 2003); -- to be denied
\c -
SET lo_compat_privileges = true; -- compatibility mode
SET SESSION AUTHORIZATION regress_user4;
SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32);
SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');
......@@ -873,87 +873,87 @@ SELECT lo_export(1001, '/dev/null'); -- to be denied
\c -
SELECT * FROM pg_largeobject LIMIT 0;
SET SESSION AUTHORIZATION regress_user1;
SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM pg_largeobject LIMIT 0; -- to be denied
-- test default ACLs
\c -
CREATE SCHEMA testns;
GRANT ALL ON SCHEMA testns TO regress_user1;
GRANT ALL ON SCHEMA testns TO regress_priv_user1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_user1;
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- yes
ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_user1;
ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_user2; -- error
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error
ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_user2;
ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns2;
SELECT has_schema_privilege('regress_user2', 'testns2', 'USAGE'); -- yes
SELECT has_schema_privilege('regress_user2', 'testns2', 'CREATE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'USAGE'); -- yes
SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'CREATE'); -- no
ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_user2;
ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns3;
SELECT has_schema_privilege('regress_user2', 'testns3', 'USAGE'); -- no
SELECT has_schema_privilege('regress_user2', 'testns3', 'CREATE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'USAGE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'CREATE'); -- no
ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_user2;
ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns4;
SELECT has_schema_privilege('regress_user2', 'testns4', 'USAGE'); -- yes
SELECT has_schema_privilege('regress_user2', 'testns4', 'CREATE'); -- yes
SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'USAGE'); -- yes
SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_user2;
ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns5;
SELECT has_schema_privilege('regress_user2', 'testns5', 'USAGE'); -- no
SELECT has_schema_privilege('regress_user2', 'testns5', 'CREATE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no
SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'CREATE'); -- no
SET ROLE regress_user1;
SET ROLE regress_priv_user1;
CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON ROUTINES to public;
......@@ -964,26 +964,26 @@ CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
DROP PROCEDURE testns.bar();
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- yes
SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- yes
SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
DROP FUNCTION testns.foo();
DROP AGGREGATE testns.agg1(int);
DROP PROCEDURE testns.bar();
ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE USAGE ON TYPES FROM public;
ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE USAGE ON TYPES FROM public;
CREATE DOMAIN testns.testdomain1 AS int;
SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no
SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public;
DROP DOMAIN testns.testdomain1;
CREATE DOMAIN testns.testdomain1 AS int;
SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- yes
SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- yes
DROP DOMAIN testns.testdomain1;
......@@ -1011,41 +1011,41 @@ CREATE SCHEMA testns;
CREATE TABLE testns.t1 (f1 int);
CREATE TABLE testns.t2 (f1 int);
SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_user1;
GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_priv_user1;
SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- true
SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- true
SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- true
SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- true
REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_user1;
REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_priv_user1;
SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false
SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- false
CREATE FUNCTION testns.testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testns.testagg(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.testproc(int) AS 'select 3' LANGUAGE sql;
SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC;
SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
REVOKE ALL ON ALL PROCEDURES IN SCHEMA testns FROM PUBLIC;
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
GRANT ALL ON ALL ROUTINES IN SCHEMA testns TO PUBLIC;
SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
\set VERBOSITY terse \\ -- suppress cascade details
DROP SCHEMA testns CASCADE;
......@@ -1082,24 +1082,24 @@ DROP ROLE regress_schemauser_renamed;
-- test that dependent privileges are revoked (or not) properly
\c -
set session role regress_user1;
set session role regress_priv_user1;
create table dep_priv_test (a int);
grant select on dep_priv_test to regress_user2 with grant option;
grant select on dep_priv_test to regress_user3 with grant option;
set session role regress_user2;
grant select on dep_priv_test to regress_user4 with grant option;
set session role regress_user3;
grant select on dep_priv_test to regress_user4 with grant option;
set session role regress_user4;
grant select on dep_priv_test to regress_user5;
grant select on dep_priv_test to regress_priv_user2 with grant option;
grant select on dep_priv_test to regress_priv_user3 with grant option;
set session role regress_priv_user2;
grant select on dep_priv_test to regress_priv_user4 with grant option;
set session role regress_priv_user3;
grant select on dep_priv_test to regress_priv_user4 with grant option;
set session role regress_priv_user4;
grant select on dep_priv_test to regress_priv_user5;
\dp dep_priv_test
set session role regress_user2;
revoke select on dep_priv_test from regress_user4 cascade;
set session role regress_priv_user2;
revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
set session role regress_user3;
revoke select on dep_priv_test from regress_user4 cascade;
set session role regress_priv_user3;
revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
set session role regress_user1;
set session role regress_priv_user1;
drop table dep_priv_test;
......@@ -1134,19 +1134,19 @@ DROP TABLE atestp2;
SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
DROP GROUP regress_group1;
DROP GROUP regress_group2;
DROP GROUP regress_priv_group1;
DROP GROUP regress_priv_group2;
-- these are needed to clean up permissions
REVOKE USAGE ON LANGUAGE sql FROM regress_user1;
DROP OWNED BY regress_user1;
DROP USER regress_user1;
DROP USER regress_user2;
DROP USER regress_user3;
DROP USER regress_user4;
DROP USER regress_user5;
DROP USER regress_user6;
REVOKE USAGE ON LANGUAGE sql FROM regress_priv_user1;
DROP OWNED BY regress_priv_user1;
DROP USER regress_priv_user1;
DROP USER regress_priv_user2;
DROP USER regress_priv_user3;
DROP USER regress_priv_user4;
DROP USER regress_priv_user5;
DROP USER regress_priv_user6;
-- permissions with LOCK TABLE
......
......@@ -385,7 +385,7 @@ GRANT regress_testrol0 TO pg_signal_backend; -- success
SET ROLE pg_signal_backend; --success
RESET ROLE;
CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success
CREATE SCHEMA test_roles_schema AUTHORIZATION pg_signal_backend; --success
SET ROLE regress_testrol2;
UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_';
......@@ -441,7 +441,7 @@ SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_';
-- clean up
\c
DROP SCHEMA test_schema;
DROP SCHEMA test_roles_schema;
DROP OWNED BY regress_testrol0, "Public", "current_user", regress_testrol1, regress_testrol2, regress_testrolx CASCADE;
DROP ROLE regress_testrol0, regress_testrol1, regress_testrol2, regress_testrolx;
DROP ROLE "Public", "None", "current_user", "session_user", "user";
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment