aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/backend/executor/execMain.c17
-rw-r--r--src/test/regress/expected/select_into.out39
-rw-r--r--src/test/regress/sql/select_into.sql37
3 files changed, 93 insertions, 0 deletions
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c
index fd7a9ed0339..708831a5c34 100644
--- a/src/backend/executor/execMain.c
+++ b/src/backend/executor/execMain.c
@@ -2395,6 +2395,8 @@ OpenIntoRel(QueryDesc *queryDesc)
Datum reloptions;
Oid intoRelationId;
DR_intorel *myState;
+ RangeTblEntry *rte;
+ AttrNumber attnum;
static char *validnsps[] = HEAP_RELOPT_NAMESPACES;
Assert(into);
@@ -2517,6 +2519,21 @@ OpenIntoRel(QueryDesc *queryDesc)
intoRelationDesc = heap_open(intoRelationId, AccessExclusiveLock);
/*
+ * check INSERT permission on the constructed table.
+ */
+ rte = makeNode(RangeTblEntry);
+ rte->rtekind = RTE_RELATION;
+ rte->relid = intoRelationId;
+ rte->relkind = RELKIND_RELATION;
+ rte->requiredPerms = ACL_INSERT;
+
+ for (attnum = 1; attnum <= queryDesc->tupDesc->natts; attnum++)
+ rte->modifiedCols = bms_add_member(rte->modifiedCols,
+ attnum - FirstLowInvalidHeapAttributeNumber);
+
+ ExecCheckRTPerms(list_make1(rte), true);
+
+ /*
* Now replace the query's DestReceiver with one for SELECT INTO
*/
queryDesc->dest = CreateDestReceiver(DestIntoRel);
diff --git a/src/test/regress/expected/select_into.out b/src/test/regress/expected/select_into.out
index 503efe04fc2..9ed4229b506 100644
--- a/src/test/regress/expected/select_into.out
+++ b/src/test/regress/expected/select_into.out
@@ -11,3 +11,42 @@ SELECT *
FROM onek2
WHERE onek2.unique1 < 2;
DROP TABLE tmp1;
+--
+-- SELECT INTO and INSERT permission, if owner is not allowed to insert.
+--
+CREATE SCHEMA selinto_schema;
+CREATE USER selinto_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE selinto_user
+ REVOKE INSERT ON TABLES FROM selinto_user;
+GRANT ALL ON SCHEMA selinto_schema TO public;
+SET SESSION AUTHORIZATION selinto_user;
+SELECT * INTO TABLE selinto_schema.tmp1
+ FROM pg_class WHERE relname like '%a%'; -- Error
+ERROR: permission denied for relation tmp1
+SELECT oid AS clsoid, relname, relnatts + 10 AS x
+ INTO selinto_schema.tmp2
+ FROM pg_class WHERE relname like '%b%'; -- Error
+ERROR: permission denied for relation tmp2
+CREATE TABLE selinto_schema.tmp3 (a,b,c)
+ AS SELECT oid,relname,relacl FROM pg_class
+ WHERE relname like '%c%'; -- Error
+ERROR: permission denied for relation tmp3
+RESET SESSION AUTHORIZATION;
+ALTER DEFAULT PRIVILEGES FOR ROLE selinto_user
+ GRANT INSERT ON TABLES TO selinto_user;
+SET SESSION AUTHORIZATION selinto_user;
+SELECT * INTO TABLE selinto_schema.tmp1
+ FROM pg_class WHERE relname like '%a%'; -- OK
+SELECT oid AS clsoid, relname, relnatts + 10 AS x
+ INTO selinto_schema.tmp2
+ FROM pg_class WHERE relname like '%b%'; -- OK
+CREATE TABLE selinto_schema.tmp3 (a,b,c)
+ AS SELECT oid,relname,relacl FROM pg_class
+ WHERE relname like '%c%'; -- OK
+RESET SESSION AUTHORIZATION;
+DROP SCHEMA selinto_schema CASCADE;
+NOTICE: drop cascades to 3 other objects
+DETAIL: drop cascades to table selinto_schema.tmp1
+drop cascades to table selinto_schema.tmp2
+drop cascades to table selinto_schema.tmp3
+DROP USER selinto_user;
diff --git a/src/test/regress/sql/select_into.sql b/src/test/regress/sql/select_into.sql
index 2fa3d1e08ec..039d35cd34c 100644
--- a/src/test/regress/sql/select_into.sql
+++ b/src/test/regress/sql/select_into.sql
@@ -15,3 +15,40 @@ SELECT *
WHERE onek2.unique1 < 2;
DROP TABLE tmp1;
+
+--
+-- SELECT INTO and INSERT permission, if owner is not allowed to insert.
+--
+CREATE SCHEMA selinto_schema;
+CREATE USER selinto_user;
+ALTER DEFAULT PRIVILEGES FOR ROLE selinto_user
+ REVOKE INSERT ON TABLES FROM selinto_user;
+GRANT ALL ON SCHEMA selinto_schema TO public;
+
+SET SESSION AUTHORIZATION selinto_user;
+SELECT * INTO TABLE selinto_schema.tmp1
+ FROM pg_class WHERE relname like '%a%'; -- Error
+SELECT oid AS clsoid, relname, relnatts + 10 AS x
+ INTO selinto_schema.tmp2
+ FROM pg_class WHERE relname like '%b%'; -- Error
+CREATE TABLE selinto_schema.tmp3 (a,b,c)
+ AS SELECT oid,relname,relacl FROM pg_class
+ WHERE relname like '%c%'; -- Error
+RESET SESSION AUTHORIZATION;
+
+ALTER DEFAULT PRIVILEGES FOR ROLE selinto_user
+ GRANT INSERT ON TABLES TO selinto_user;
+
+SET SESSION AUTHORIZATION selinto_user;
+SELECT * INTO TABLE selinto_schema.tmp1
+ FROM pg_class WHERE relname like '%a%'; -- OK
+SELECT oid AS clsoid, relname, relnatts + 10 AS x
+ INTO selinto_schema.tmp2
+ FROM pg_class WHERE relname like '%b%'; -- OK
+CREATE TABLE selinto_schema.tmp3 (a,b,c)
+ AS SELECT oid,relname,relacl FROM pg_class
+ WHERE relname like '%c%'; -- OK
+RESET SESSION AUTHORIZATION;
+
+DROP SCHEMA selinto_schema CASCADE;
+DROP USER selinto_user;
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-01 03:10:40 +0000