granicus.if.org Git - postgresql/commit

author	Dean Rasheed <dean.a.rasheed@gmail.com>
	Mon, 6 May 2019 10:56:37 +0000 (11:56 +0100)
committer	Dean Rasheed <dean.a.rasheed@gmail.com>
	Mon, 6 May 2019 10:56:37 +0000 (11:56 +0100)
commit	98dad4cd48e362090b30187441e8c116afb74f58
tree	e67943aac4f9498eb0a63e63986a9a7287d9a1e7	tree \| snapshot
parent	0027ee3c52d824764f7f8391edb2695c3d2b424f	commit \| diff

Use checkAsUser for selectivity estimator checks, if it's set.

In examine_variable() and examine_simple_variable(), when checking the
user's table and column privileges to determine whether to grant
access to the pg_statistic data, use checkAsUser for the privilege
checks, if it's set. This will be the case if we're accessing the
table via a view, to indicate that we should perform privilege checks
as the view owner rather than the current user.

This change makes this planner check consistent with the check in the
executor, so the planner will be able to make use of statistics if the
table is accessible via the view. This fixes a performance regression
introduced by commit e2d4ef8de8, which affects queries against
non-security barrier views in the case where the user doesn't have
privileges on the underlying table, but the view owner does.

Note that it continues to provide the same safeguards controlling
access to pg_statistic for direct table access (in which case
checkAsUser won't be set) and for security barrier views, because of
the nearby checks on rte->security_barrier and rte->securityQuals.

Back-patch to all supported branches because e2d4ef8de8 was.

Dean Rasheed, reviewed by Jonathan Katz and Stephen Frost.

src/backend/utils/adt/selfuncs.c		diff \| blob \| history
src/test/regress/expected/privileges.out		diff \| blob \| history
src/test/regress/sql/privileges.sql		diff \| blob \| history