diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2022-04-06 13:24:33 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2022-04-06 13:24:33 -0400 |
| commit | a0ffa885e478f5eeacc4e250e35ce25a4740c487 (patch) | |
| tree | 7ce236305d5eb50f34bfccaf9a662cf3f0b77adf /src/bin/pg_dump/dumputils.c | |
| parent | 2ef6f11b0c77ec323c688ddfd98ffabddb72c11d (diff) | |
| download | postgresql-a0ffa885e478f5eeacc4e250e35ce25a4740c487.tar.gz postgresql-a0ffa885e478f5eeacc4e250e35ce25a4740c487.zip | |
Allow granting SET and ALTER SYSTEM privileges on GUC parameters.
This patch allows "PGC_SUSET" parameters to be set by non-superusers
if they have been explicitly granted the privilege to do so.
The privilege to perform ALTER SYSTEM SET/RESET on a specific parameter
can also be granted.
Such privileges are cluster-wide, not per database. They are tracked
in a new shared catalog, pg_parameter_acl.
Granting and revoking these new privileges works as one would expect.
One caveat is that PGC_USERSET GUCs are unaffected by the SET privilege
--- one could wish that those were handled by a revocable grant to
PUBLIC, but they are not, because we couldn't make it robust enough
for GUCs defined by extensions.
Mark Dilger, reviewed at various times by Andrew Dunstan, Robert Haas,
Joshua Brindle, and myself
Discussion: https://postgr.es/m/3D691E20-C1D5-4B80-8BA5-6BEB63AF3029@enterprisedb.com
Diffstat (limited to 'src/bin/pg_dump/dumputils.c')
| -rw-r--r-- | src/bin/pg_dump/dumputils.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c index 6086d57cf3a..3e68dfc78f9 100644 --- a/src/bin/pg_dump/dumputils.c +++ b/src/bin/pg_dump/dumputils.c @@ -37,7 +37,7 @@ static void AddAcl(PQExpBuffer aclbuf, const char *keyword, * nspname: the namespace the object is in (NULL if none); not pre-quoted * type: the object type (as seen in GRANT command: must be one of * TABLE, SEQUENCE, FUNCTION, PROCEDURE, LANGUAGE, SCHEMA, DATABASE, TABLESPACE, - * FOREIGN DATA WRAPPER, SERVER, or LARGE OBJECT) + * FOREIGN DATA WRAPPER, SERVER, PARAMETER or LARGE OBJECT) * acls: the ACL string fetched from the database * baseacls: the initial ACL string for this object * owner: username of object owner (will be passed through fmtId); can be @@ -501,6 +501,11 @@ do { \ CONVERT_PRIV('U', "USAGE"); else if (strcmp(type, "FOREIGN TABLE") == 0) CONVERT_PRIV('r', "SELECT"); + else if (strcmp(type, "PARAMETER") == 0) + { + CONVERT_PRIV('s', "SET"); + CONVERT_PRIV('A', "ALTER SYSTEM"); + } else if (strcmp(type, "LARGE OBJECT") == 0) { CONVERT_PRIV('r', "SELECT"); |