--
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
-DROP ROLE IF EXISTS regress_alter_user1;
-DROP ROLE IF EXISTS regress_alter_user2;
-DROP ROLE IF EXISTS regress_alter_user3;
+DROP ROLE IF EXISTS regress_alter_generic_user1;
+DROP ROLE IF EXISTS regress_alter_generic_user2;
+DROP ROLE IF EXISTS regress_alter_generic_user3;
RESET client_min_messages;
-CREATE USER regress_alter_user3;
-CREATE USER regress_alter_user2;
-CREATE USER regress_alter_user1 IN ROLE regress_alter_user3;
+CREATE USER regress_alter_generic_user3;
+CREATE USER regress_alter_generic_user2;
+CREATE USER regress_alter_generic_user1 IN ROLE regress_alter_generic_user3;
CREATE SCHEMA alt_nsp1;
CREATE SCHEMA alt_nsp2;
GRANT ALL ON SCHEMA alt_nsp1, alt_nsp2 TO public;
--
-- Function and Aggregate
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 1';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
);
ALTER AGGREGATE alt_func1(int) RENAME TO alt_func3; -- failed (not aggregate)
ERROR: function alt_func1(integer) is not an aggregate
-ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_user3; -- failed (not aggregate)
+ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_generic_user3; -- failed (not aggregate)
ERROR: function alt_func1(integer) is not an aggregate
ALTER AGGREGATE alt_func1(int) SET SCHEMA alt_nsp2; -- failed (not aggregate)
ERROR: function alt_func1(integer) is not an aggregate
ALTER FUNCTION alt_func1(int) RENAME TO alt_func2; -- failed (name conflict)
ERROR: function alt_func2(integer) already exists in schema "alt_nsp1"
ALTER FUNCTION alt_func1(int) RENAME TO alt_func3; -- OK
-ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- OK
+ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp1; -- OK, already there
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- OK
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg2; -- failed (name conflict)
ERROR: function alt_agg2(integer) already exists in schema "alt_nsp1"
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg3; -- OK
-ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- OK
+ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 2';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
ALTER FUNCTION alt_func3(int) RENAME TO alt_func4; -- failed (not owner)
ERROR: must be owner of function alt_func3
ALTER FUNCTION alt_func1(int) RENAME TO alt_func4; -- OK
-ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of function alt_func3
-ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER FUNCTION alt_func3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of function alt_func3
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- failed (name conflicts)
ALTER AGGREGATE alt_agg3(int) RENAME TO alt_agg4; -- failed (not owner)
ERROR: must be owner of function alt_agg3
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg4; -- OK
-ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of function alt_agg3
-ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER AGGREGATE alt_agg3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of function alt_agg3
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- failed (name conflict)
WHERE p.pronamespace = n.oid AND p.proowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, proname;
- nspname | proname | prorettype | prokind | rolname
-----------+-----------+------------+---------+---------------------
- alt_nsp1 | alt_agg2 | integer | a | regress_alter_user2
- alt_nsp1 | alt_agg3 | integer | a | regress_alter_user1
- alt_nsp1 | alt_agg4 | integer | a | regress_alter_user2
- alt_nsp1 | alt_func2 | integer | f | regress_alter_user2
- alt_nsp1 | alt_func3 | integer | f | regress_alter_user1
- alt_nsp1 | alt_func4 | integer | f | regress_alter_user2
- alt_nsp2 | alt_agg2 | integer | a | regress_alter_user3
- alt_nsp2 | alt_func2 | integer | f | regress_alter_user3
+ nspname | proname | prorettype | prokind | rolname
+----------+-----------+------------+---------+-----------------------------
+ alt_nsp1 | alt_agg2 | integer | a | regress_alter_generic_user2
+ alt_nsp1 | alt_agg3 | integer | a | regress_alter_generic_user1
+ alt_nsp1 | alt_agg4 | integer | a | regress_alter_generic_user2
+ alt_nsp1 | alt_func2 | integer | f | regress_alter_generic_user2
+ alt_nsp1 | alt_func3 | integer | f | regress_alter_generic_user1
+ alt_nsp1 | alt_func4 | integer | f | regress_alter_generic_user2
+ alt_nsp2 | alt_agg2 | integer | a | regress_alter_generic_user3
+ alt_nsp2 | alt_func2 | integer | f | regress_alter_generic_user3
(8 rows)
--
--
-- Conversion
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv1 RENAME TO alt_conv2; -- failed (name conflict)
ERROR: conversion "alt_conv2" already exists in schema "alt_nsp1"
ALTER CONVERSION alt_conv1 RENAME TO alt_conv3; -- OK
-ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- OK
+ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- OK
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv3 RENAME TO alt_conv4; -- failed (not owner)
ERROR: must be owner of conversion alt_conv3
ALTER CONVERSION alt_conv1 RENAME TO alt_conv4; -- OK
-ALTER CONVERSION alt_conv3 OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER CONVERSION alt_conv3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of conversion alt_conv3
-ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER CONVERSION alt_conv3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of conversion alt_conv3
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- failed (name conflict)
WHERE c.connamespace = n.oid AND c.conowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, conname;
- nspname | conname | rolname
-----------+-----------+---------------------
- alt_nsp1 | alt_conv2 | regress_alter_user2
- alt_nsp1 | alt_conv3 | regress_alter_user1
- alt_nsp1 | alt_conv4 | regress_alter_user2
- alt_nsp2 | alt_conv2 | regress_alter_user3
+ nspname | conname | rolname
+----------+-----------+-----------------------------
+ alt_nsp1 | alt_conv2 | regress_alter_generic_user2
+ alt_nsp1 | alt_conv3 | regress_alter_generic_user1
+ alt_nsp1 | alt_conv4 | regress_alter_generic_user2
+ alt_nsp2 | alt_conv2 | regress_alter_generic_user3
(4 rows)
--
--
CREATE LANGUAGE alt_lang1 HANDLER plpgsql_call_handler;
CREATE LANGUAGE alt_lang2 HANDLER plpgsql_call_handler;
-ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_user1; -- OK
-ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user1;
+ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_generic_user1; -- OK
+ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user2; -- OK
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang2; -- failed (name conflict)
ERROR: language "alt_lang2" already exists
ALTER LANGUAGE alt_lang2 RENAME TO alt_lang3; -- failed (not owner)
ERROR: must be owner of language alt_lang2
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang3; -- OK
-ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user3; -- failed (not owner)
+ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user3; -- failed (not owner)
ERROR: must be owner of language alt_lang2
-ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user3; -- OK
+ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user3; -- OK
RESET SESSION AUTHORIZATION;
SELECT lanname, a.rolname
FROM pg_language l, pg_authid a
WHERE l.lanowner = a.oid AND l.lanname like 'alt_lang%'
ORDER BY lanname;
- lanname | rolname
------------+---------------------
- alt_lang2 | regress_alter_user2
- alt_lang3 | regress_alter_user3
+ lanname | rolname
+-----------+-----------------------------
+ alt_lang2 | regress_alter_generic_user2
+ alt_lang3 | regress_alter_generic_user3
(2 rows)
--
-- Operator
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
CREATE OPERATOR @+@ ( leftarg = int4, rightarg = int4, procedure = int4pl );
-ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user3; -- OK
+ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
-ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of operator @+@
-ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER OPERATOR @+@(int4, int4) SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of operator @+@
-- can't test this: the error message includes the raw oid of namespace
WHERE o.oprnamespace = n.oid AND o.oprowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, oprname;
- nspname | oprname | rolname | oprleft | oprright | oprcode
-----------+---------+---------------------+---------+----------+---------
- alt_nsp1 | @+@ | regress_alter_user3 | integer | integer | int4pl
- alt_nsp1 | @-@ | regress_alter_user2 | integer | integer | int4mi
- alt_nsp2 | @-@ | regress_alter_user1 | integer | integer | int4mi
+ nspname | oprname | rolname | oprleft | oprright | oprcode
+----------+---------+-----------------------------+---------+----------+---------
+ alt_nsp1 | @+@ | regress_alter_generic_user3 | integer | integer | int4pl
+ alt_nsp1 | @-@ | regress_alter_generic_user2 | integer | integer | int4mi
+ alt_nsp2 | @-@ | regress_alter_generic_user1 | integer | integer | int4mi
(3 rows)
--
--
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
-ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user1;
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user1;
+ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user1;
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user1;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE uuid USING hash AS STORAGE uuid;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE uuid USING hash AS STORAGE uuid;
-ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user1;
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user1;
-SET SESSION AUTHORIZATION regress_alter_user1;
+ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user1;
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf2; -- failed (name conflict)
ERROR: operator family "alt_opf2" for access method "hash" already exists in schema "alt_nsp1"
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf3; -- OK
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- OK
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- OK
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc2; -- failed (name conflict)
ERROR: operator class "alt_opc2" for access method "hash" already exists in schema "alt_nsp1"
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc3; -- OK
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- OK
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- OK
RESET SESSION AUTHORIZATION;
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
-ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user2;
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2;
+ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user2;
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE macaddr USING hash AS STORAGE macaddr;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE macaddr USING hash AS STORAGE macaddr;
-ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user2;
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2;
-SET SESSION AUTHORIZATION regress_alter_user2;
+ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user2;
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
ALTER OPERATOR FAMILY alt_opf3 USING hash RENAME TO alt_opf4; -- failed (not owner)
ERROR: must be owner of operator family alt_opf3
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf4; -- OK
-ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of operator family alt_opf3
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER OPERATOR FAMILY alt_opf3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of operator family alt_opf3
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
ALTER OPERATOR CLASS alt_opc3 USING hash RENAME TO alt_opc4; -- failed (not owner)
ERROR: must be owner of operator class alt_opc3
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc4; -- OK
-ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of operator class alt_opc3
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER OPERATOR CLASS alt_opc3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of operator class alt_opc3
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
AND NOT opfname LIKE 'alt_opc%'
ORDER BY nspname, opfname;
- nspname | opfname | amname | rolname
-----------+----------+--------+---------------------
- alt_nsp1 | alt_opf2 | hash | regress_alter_user2
- alt_nsp1 | alt_opf3 | hash | regress_alter_user1
- alt_nsp1 | alt_opf4 | hash | regress_alter_user2
- alt_nsp2 | alt_opf2 | hash | regress_alter_user3
+ nspname | opfname | amname | rolname
+----------+----------+--------+-----------------------------
+ alt_nsp1 | alt_opf2 | hash | regress_alter_generic_user2
+ alt_nsp1 | alt_opf3 | hash | regress_alter_generic_user1
+ alt_nsp1 | alt_opf4 | hash | regress_alter_generic_user2
+ alt_nsp2 | alt_opf2 | hash | regress_alter_generic_user3
(4 rows)
SELECT nspname, opcname, amname, rolname
WHERE o.opcmethod = m.oid AND o.opcnamespace = n.oid AND o.opcowner = a.oid
AND n.nspname IN ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, opcname;
- nspname | opcname | amname | rolname
-----------+----------+--------+---------------------
- alt_nsp1 | alt_opc2 | hash | regress_alter_user2
- alt_nsp1 | alt_opc3 | hash | regress_alter_user1
- alt_nsp1 | alt_opc4 | hash | regress_alter_user2
- alt_nsp2 | alt_opc2 | hash | regress_alter_user3
+ nspname | opcname | amname | rolname
+----------+----------+--------+-----------------------------
+ alt_nsp1 | alt_opc2 | hash | regress_alter_generic_user2
+ alt_nsp1 | alt_opc3 | hash | regress_alter_generic_user1
+ alt_nsp1 | alt_opc4 | hash | regress_alter_generic_user2
+ alt_nsp2 | alt_opc2 | hash | regress_alter_generic_user3
(4 rows)
-- ALTER OPERATOR FAMILY ... ADD/DROP
DROP OPERATOR FAMILY alt_opf4 USING btree;
-- Should fail. Need to be SUPERUSER to do ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
-CREATE ROLE regress_alter_user5 NOSUPERUSER;
+CREATE ROLE regress_alter_generic_user5 NOSUPERUSER;
CREATE OPERATOR FAMILY alt_opf5 USING btree;
-SET ROLE regress_alter_user5;
+SET ROLE regress_alter_generic_user5;
ALTER OPERATOR FAMILY alt_opf5 USING btree ADD OPERATOR 1 < (int4, int2), FUNCTION 1 btint42cmp(int4, int2);
ERROR: must be superuser to alter an operator family
RESET ROLE;
ROLLBACK;
-- Should fail. Need rights to namespace for ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
-CREATE ROLE regress_alter_user6;
+CREATE ROLE regress_alter_generic_user6;
CREATE SCHEMA alt_nsp6;
-REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_user6;
+REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_generic_user6;
CREATE OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree;
-SET ROLE regress_alter_user6;
+SET ROLE regress_alter_generic_user6;
ALTER OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree ADD OPERATOR 1 < (int4, int2);
ERROR: permission denied for schema alt_nsp6
ROLLBACK;
--
-- Statistics
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TABLE alt_regress_1 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_1;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_1;
ALTER STATISTICS alt_stat1 RENAME TO alt_stat2; -- failed (name conflict)
ERROR: statistics object "alt_stat2" already exists in schema "alt_nsp1"
ALTER STATISTICS alt_stat1 RENAME TO alt_stat3; -- failed (name conflict)
-ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- OK
+ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- OK
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TABLE alt_regress_2 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_2;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_2;
ALTER STATISTICS alt_stat3 RENAME TO alt_stat4; -- failed (not owner)
ERROR: must be owner of statistics object alt_stat3
ALTER STATISTICS alt_stat1 RENAME TO alt_stat4; -- OK
-ALTER STATISTICS alt_stat3 OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER STATISTICS alt_stat3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of statistics object alt_stat3
-ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER STATISTICS alt_stat3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of statistics object alt_stat3
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- failed (name conflict)
WHERE s.stxnamespace = n.oid AND s.stxowner = a.oid
AND n.nspname in ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, stxname;
- nspname | stxname | rolname
-----------+-----------+---------------------
- alt_nsp1 | alt_stat2 | regress_alter_user2
- alt_nsp1 | alt_stat3 | regress_alter_user1
- alt_nsp1 | alt_stat4 | regress_alter_user2
- alt_nsp2 | alt_stat2 | regress_alter_user3
+ nspname | stxname | rolname
+----------+-----------+-----------------------------
+ alt_nsp1 | alt_stat2 | regress_alter_generic_user2
+ alt_nsp1 | alt_stat3 | regress_alter_generic_user1
+ alt_nsp1 | alt_stat4 | regress_alter_generic_user2
+ alt_nsp2 | alt_stat2 | regress_alter_generic_user3
(4 rows)
--
-- Text Search Dictionary
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict2; -- failed (name conflict)
ERROR: text search dictionary "alt_ts_dict2" already exists in schema "alt_nsp1"
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict3; -- OK
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- OK
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 RENAME TO alt_ts_dict4; -- failed (not owner)
ERROR: must be owner of text search dictionary alt_ts_dict3
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict4; -- OK
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of text search dictionary alt_ts_dict3
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of text search dictionary alt_ts_dict3
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- failed (name conflict)
WHERE t.dictnamespace = n.oid AND t.dictowner = a.oid
AND n.nspname in ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, dictname;
- nspname | dictname | rolname
-----------+--------------+---------------------
- alt_nsp1 | alt_ts_dict2 | regress_alter_user2
- alt_nsp1 | alt_ts_dict3 | regress_alter_user1
- alt_nsp1 | alt_ts_dict4 | regress_alter_user2
- alt_nsp2 | alt_ts_dict2 | regress_alter_user3
+ nspname | dictname | rolname
+----------+--------------+-----------------------------
+ alt_nsp1 | alt_ts_dict2 | regress_alter_generic_user2
+ alt_nsp1 | alt_ts_dict3 | regress_alter_generic_user1
+ alt_nsp1 | alt_ts_dict4 | regress_alter_generic_user2
+ alt_nsp2 | alt_ts_dict2 | regress_alter_generic_user3
(4 rows)
--
-- Text Search Configuration
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf2; -- failed (name conflict)
ERROR: text search configuration "alt_ts_conf2" already exists in schema "alt_nsp1"
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf3; -- OK
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user2"
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- OK
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user2"
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 RENAME TO alt_ts_conf4; -- failed (not owner)
ERROR: must be owner of text search configuration alt_ts_conf3
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf4; -- OK
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_user2; -- failed (not owner)
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
ERROR: must be owner of text search configuration alt_ts_conf3
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- failed (no role membership)
-ERROR: must be member of role "regress_alter_user3"
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
+ERROR: must be member of role "regress_alter_generic_user3"
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 SET SCHEMA alt_nsp2; -- failed (not owner)
ERROR: must be owner of text search configuration alt_ts_conf3
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- failed (name conflict)
WHERE t.cfgnamespace = n.oid AND t.cfgowner = a.oid
AND n.nspname in ('alt_nsp1', 'alt_nsp2')
ORDER BY nspname, cfgname;
- nspname | cfgname | rolname
-----------+--------------+---------------------
- alt_nsp1 | alt_ts_conf2 | regress_alter_user2
- alt_nsp1 | alt_ts_conf3 | regress_alter_user1
- alt_nsp1 | alt_ts_conf4 | regress_alter_user2
- alt_nsp2 | alt_ts_conf2 | regress_alter_user3
+ nspname | cfgname | rolname
+----------+--------------+-----------------------------
+ alt_nsp1 | alt_ts_conf2 | regress_alter_generic_user2
+ alt_nsp1 | alt_ts_conf3 | regress_alter_generic_user1
+ alt_nsp1 | alt_ts_conf4 | regress_alter_generic_user2
+ alt_nsp2 | alt_ts_conf2 | regress_alter_generic_user3
(4 rows)
--
NOTICE: drop cascades to 28 other objects
DROP SCHEMA alt_nsp2 CASCADE;
NOTICE: drop cascades to 9 other objects
-DROP USER regress_alter_user1;
-DROP USER regress_alter_user2;
-DROP USER regress_alter_user3;
+DROP USER regress_alter_generic_user1;
+DROP USER regress_alter_generic_user2;
+DROP USER regress_alter_generic_user3;
--
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
-DROP ROLE IF EXISTS regress_alter_user1;
+DROP ROLE IF EXISTS regress_alter_table_user1;
RESET client_min_messages;
-CREATE USER regress_alter_user1;
+CREATE USER regress_alter_table_user1;
--
-- add attribute
--
NOTICE: relation "__tmp_onek_unique1" does not exist, skipping
ALTER INDEX onek_unique1 RENAME TO tmp_onek_unique1;
ALTER INDEX tmp_onek_unique1 RENAME TO onek_unique1;
-SET ROLE regress_alter_user1;
+SET ROLE regress_alter_table_user1;
ALTER INDEX onek_unique1 RENAME TO fail; -- permission denied
ERROR: must be owner of index onek_unique1
RESET ROLE;
-- renaming views
CREATE VIEW tmp_view (unique1) AS SELECT unique1 FROM tenk1;
ALTER TABLE tmp_view RENAME TO tmp_view_new;
-SET ROLE regress_alter_user1;
+SET ROLE regress_alter_table_user1;
ALTER VIEW tmp_view_new RENAME TO fail; -- permission denied
ERROR: must be owner of view tmp_view_new
RESET ROLE;
ALTER TABLE tmp ALTER COLUMN i RESET (n_distinct_inherited);
ANALYZE tmp;
DROP TABLE tmp;
-DROP USER regress_alter_user1;
+DROP USER regress_alter_table_user1;
DROP PROCEDURE nonexistent();
ERROR: procedure nonexistent() does not exist
-- privileges
-CREATE USER regress_user1;
-GRANT INSERT ON cp_test TO regress_user1;
+CREATE USER regress_cp_user1;
+GRANT INSERT ON cp_test TO regress_cp_user1;
REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC;
-SET ROLE regress_user1;
+SET ROLE regress_cp_user1;
CALL ptest1('a'); -- error
ERROR: permission denied for procedure ptest1
RESET ROLE;
-GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1;
-SET ROLE regress_user1;
+GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_cp_user1;
+SET ROLE regress_cp_user1;
CALL ptest1('a'); -- ok
RESET ROLE;
-- ROUTINE syntax
DROP PROCEDURE ptest1;
DROP PROCEDURE ptest2;
DROP TABLE cp_test;
-DROP USER regress_user1;
+DROP USER regress_cp_user1;
NOTICE: view "v3_temp" will be a temporary view
ERROR: cannot create temporary relation in non-temporary schema
-- should fail
-CREATE SCHEMA test_schema
+CREATE SCHEMA test_view_schema
CREATE TEMP VIEW testview AS SELECT 1;
ERROR: cannot create temporary relation in non-temporary schema
-- joins: if any of the join relations are temporary, the view
ALTER TABLE itest7 ALTER COLUMN a RESTART;
ALTER TABLE itest7 ALTER COLUMN a DROP IDENTITY;
-- privileges
-CREATE USER regress_user1;
+CREATE USER regress_identity_user1;
CREATE TABLE itest8 (a int GENERATED ALWAYS AS IDENTITY, b text);
-GRANT SELECT, INSERT ON itest8 TO regress_user1;
-SET ROLE regress_user1;
+GRANT SELECT, INSERT ON itest8 TO regress_identity_user1;
+SET ROLE regress_identity_user1;
INSERT INTO itest8 DEFAULT VALUES;
SELECT * FROM itest8;
a | b
RESET ROLE;
DROP TABLE itest8;
-DROP USER regress_user1;
+DROP USER regress_identity_user1;
-- typed tables (currently not supported)
CREATE TYPE itest_type AS (f1 integer, f2 text, f3 bigint);
CREATE TABLE itest12 OF itest_type (f1 WITH OPTIONS GENERATED ALWAYS AS IDENTITY); -- error
-- appropriate key description (or none) in various situations
create table key_desc (a int, b int) partition by list ((a+0));
create table key_desc_1 partition of key_desc for values in (1) partition by range (b);
-create user someone_else;
-grant select (a) on key_desc_1 to someone_else;
-grant insert on key_desc to someone_else;
-set role someone_else;
+create user regress_insert_other_user;
+grant select (a) on key_desc_1 to regress_insert_other_user;
+grant insert on key_desc to regress_insert_other_user;
+set role regress_insert_other_user;
-- no key description is shown
insert into key_desc values (1, 1);
ERROR: no partition of relation "key_desc_1" found for row
reset role;
-grant select (b) on key_desc_1 to someone_else;
-set role someone_else;
+grant select (b) on key_desc_1 to regress_insert_other_user;
+set role regress_insert_other_user;
-- key description (b)=(1) is now shown
insert into key_desc values (1, 1);
ERROR: no partition of relation "key_desc_1" found for row
insert into key_desc values (2, 1);
ERROR: no partition of relation "key_desc" found for row
reset role;
-revoke all on key_desc from someone_else;
-revoke all on key_desc_1 from someone_else;
-drop role someone_else;
+revoke all on key_desc from regress_insert_other_user;
+revoke all on key_desc_1 from regress_insert_other_user;
+drop role regress_insert_other_user;
drop table key_desc, key_desc_1;
-- test minvalue/maxvalue restrictions
create table mcrparted (a int, b int, c int) partition by range (a, abs(b), c);
--
-- Regression tests for schemas (namespaces)
--
-CREATE SCHEMA test_schema_1
+CREATE SCHEMA test_ns_schema_1
CREATE UNIQUE INDEX abc_a_idx ON abc (a)
CREATE VIEW abc_view AS
SELECT a+1 AS a, b+1 AS b FROM abc
);
-- verify that the objects were created
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
- (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
+ (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
count
-------
5
(1 row)
-INSERT INTO test_schema_1.abc DEFAULT VALUES;
-INSERT INTO test_schema_1.abc DEFAULT VALUES;
-INSERT INTO test_schema_1.abc DEFAULT VALUES;
-SELECT * FROM test_schema_1.abc;
+INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
+INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
+INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
+SELECT * FROM test_ns_schema_1.abc;
a | b
---+---
1 |
3 |
(3 rows)
-SELECT * FROM test_schema_1.abc_view;
+SELECT * FROM test_ns_schema_1.abc_view;
a | b
---+---
2 |
4 |
(3 rows)
-ALTER SCHEMA test_schema_1 RENAME TO test_schema_renamed;
+ALTER SCHEMA test_ns_schema_1 RENAME TO test_ns_schema_renamed;
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
- (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
+ (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
count
-------
0
(1 row)
-- test IF NOT EXISTS cases
-CREATE SCHEMA test_schema_renamed; -- fail, already exists
-ERROR: schema "test_schema_renamed" already exists
-CREATE SCHEMA IF NOT EXISTS test_schema_renamed; -- ok with notice
-NOTICE: schema "test_schema_renamed" already exists, skipping
-CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed
+CREATE SCHEMA test_ns_schema_renamed; -- fail, already exists
+ERROR: schema "test_ns_schema_renamed" already exists
+CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed; -- ok with notice
+NOTICE: schema "test_ns_schema_renamed" already exists, skipping
+CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed -- fail, disallowed
CREATE TABLE abc (
a serial,
b int UNIQUE
ERROR: CREATE SCHEMA IF NOT EXISTS cannot include schema elements
LINE 2: CREATE TABLE abc (
^
-DROP SCHEMA test_schema_renamed CASCADE;
+DROP SCHEMA test_ns_schema_renamed CASCADE;
NOTICE: drop cascades to 2 other objects
-DETAIL: drop cascades to table test_schema_renamed.abc
-drop cascades to view test_schema_renamed.abc_view
+DETAIL: drop cascades to table test_ns_schema_renamed.abc
+drop cascades to view test_ns_schema_renamed.abc_view
-- verify that the objects were dropped
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
- (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_renamed');
+ (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_renamed');
count
-------
0
-- Clean up in case a prior regression run failed
-- Suppress NOTICE messages when users/groups don't exist
SET client_min_messages TO 'warning';
-DROP ROLE IF EXISTS regress_group1;
-DROP ROLE IF EXISTS regress_group2;
-DROP ROLE IF EXISTS regress_user1;
-DROP ROLE IF EXISTS regress_user2;
-DROP ROLE IF EXISTS regress_user3;
-DROP ROLE IF EXISTS regress_user4;
-DROP ROLE IF EXISTS regress_user5;
-DROP ROLE IF EXISTS regress_user6;
+DROP ROLE IF EXISTS regress_priv_group1;
+DROP ROLE IF EXISTS regress_priv_group2;
+DROP ROLE IF EXISTS regress_priv_user1;
+DROP ROLE IF EXISTS regress_priv_user2;
+DROP ROLE IF EXISTS regress_priv_user3;
+DROP ROLE IF EXISTS regress_priv_user4;
+DROP ROLE IF EXISTS regress_priv_user5;
+DROP ROLE IF EXISTS regress_priv_user6;
SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
lo_unlink
-----------
RESET client_min_messages;
-- test proper begins here
-CREATE USER regress_user1;
-CREATE USER regress_user2;
-CREATE USER regress_user3;
-CREATE USER regress_user4;
-CREATE USER regress_user5;
-CREATE USER regress_user5; -- duplicate
-ERROR: role "regress_user5" already exists
-CREATE GROUP regress_group1;
-CREATE GROUP regress_group2 WITH USER regress_user1, regress_user2;
-ALTER GROUP regress_group1 ADD USER regress_user4;
-ALTER GROUP regress_group2 ADD USER regress_user2; -- duplicate
-NOTICE: role "regress_user2" is already a member of role "regress_group2"
-ALTER GROUP regress_group2 DROP USER regress_user2;
-GRANT regress_group2 TO regress_user4 WITH ADMIN OPTION;
+CREATE USER regress_priv_user1;
+CREATE USER regress_priv_user2;
+CREATE USER regress_priv_user3;
+CREATE USER regress_priv_user4;
+CREATE USER regress_priv_user5;
+CREATE USER regress_priv_user5; -- duplicate
+ERROR: role "regress_priv_user5" already exists
+CREATE GROUP regress_priv_group1;
+CREATE GROUP regress_priv_group2 WITH USER regress_priv_user1, regress_priv_user2;
+ALTER GROUP regress_priv_group1 ADD USER regress_priv_user4;
+ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2; -- duplicate
+NOTICE: role "regress_priv_user2" is already a member of role "regress_priv_group2"
+ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2;
+GRANT regress_priv_group2 TO regress_priv_user4 WITH ADMIN OPTION;
-- test owner privileges
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT session_user, current_user;
- session_user | current_user
----------------+---------------
- regress_user1 | regress_user1
+ session_user | current_user
+--------------------+--------------------
+ regress_priv_user1 | regress_priv_user1
(1 row)
CREATE TABLE atest1 ( a int, b text );
---+---
(0 rows)
-GRANT ALL ON atest1 TO regress_user2;
-GRANT SELECT ON atest1 TO regress_user3, regress_user4;
+GRANT ALL ON atest1 TO regress_priv_user2;
+GRANT SELECT ON atest1 TO regress_priv_user3, regress_priv_user4;
SELECT * FROM atest1;
a | b
---+---
(0 rows)
CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
-GRANT SELECT ON atest2 TO regress_user2;
-GRANT UPDATE ON atest2 TO regress_user3;
-GRANT INSERT ON atest2 TO regress_user4;
-GRANT TRUNCATE ON atest2 TO regress_user5;
-SET SESSION AUTHORIZATION regress_user2;
+GRANT SELECT ON atest2 TO regress_priv_user2;
+GRANT UPDATE ON atest2 TO regress_priv_user3;
+GRANT INSERT ON atest2 TO regress_priv_user4;
+GRANT TRUNCATE ON atest2 TO regress_priv_user5;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT session_user, current_user;
- session_user | current_user
----------------+---------------
- regress_user2 | regress_user2
+ session_user | current_user
+--------------------+--------------------
+ regress_priv_user2 | regress_priv_user2
(1 row)
-- try various combinations of queries on atest1 and atest2
------+------
(0 rows)
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
SELECT session_user, current_user;
- session_user | current_user
----------------+---------------
- regress_user3 | regress_user3
+ session_user | current_user
+--------------------+--------------------
+ regress_priv_user3 | regress_priv_user3
(1 row)
SELECT * FROM atest1; -- ok
ERROR: permission denied for table atest2
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
ERROR: permission denied for table atest2
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
COPY atest2 FROM stdin; -- ok
SELECT * FROM atest1; -- ok
a | b
(2 rows)
-- test leaky-function protections in selfuncs
--- regress_user1 will own a table and provide a view for it.
-SET SESSION AUTHORIZATION regress_user1;
+-- regress_priv_user1 will own a table and provide a view for it.
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest12 as
SELECT x AS a, 10001 - x AS b FROM generate_series(1,10000) x;
CREATE INDEX ON atest12 (a);
Index Cond: (a = y.b)
(5 rows)
--- Check if regress_user2 can break security.
-SET SESSION AUTHORIZATION regress_user2;
+-- Check if regress_priv_user2 can break security.
+SET SESSION AUTHORIZATION regress_priv_user2;
CREATE FUNCTION leak2(integer,integer) RETURNS boolean
AS $$begin raise notice 'leak % %', $1, $2; return $1 > $2; end$$
LANGUAGE plpgsql immutable;
Filter: (b <<< 5)
(7 rows)
--- Now regress_user1 grants sufficient access to regress_user2.
-SET SESSION AUTHORIZATION regress_user1;
+-- Now regress_priv_user1 grants sufficient access to regress_priv_user2.
+SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (a, b) ON atest12 TO PUBLIC;
-SET SESSION AUTHORIZATION regress_user2;
--- Now regress_user2 will also get a good row estimate.
+SET SESSION AUTHORIZATION regress_priv_user2;
+-- Now regress_priv_user2 will also get a good row estimate.
EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
QUERY PLAN
-------------------------------------------------
Filter: (abs(a) <<< 5)
(6 rows)
--- clean up (regress_user1's objects are all dropped later)
+-- clean up (regress_priv_user1's objects are all dropped later)
DROP FUNCTION leak2(integer, integer) CASCADE;
NOTICE: drop cascades to operator >>>(integer,integer)
-- groups
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
CREATE TABLE atest3 (one int, two int, three int);
-GRANT DELETE ON atest3 TO GROUP regress_group2;
-SET SESSION AUTHORIZATION regress_user1;
+GRANT DELETE ON atest3 TO GROUP regress_priv_group2;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM atest3; -- fail
ERROR: permission denied for table atest3
DELETE FROM atest3; -- ok
-- views
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
/* The next *should* fail, but it's not implemented that way yet. */
CREATE VIEW atestv2 AS SELECT * FROM atest2;
SELECT * FROM atestv2; -- fail
ERROR: permission denied for table atest2
-GRANT SELECT ON atestv1, atestv3 TO regress_user4;
-GRANT SELECT ON atestv2 TO regress_user2;
-SET SESSION AUTHORIZATION regress_user4;
+GRANT SELECT ON atestv1, atestv3 TO regress_priv_user4;
+GRANT SELECT ON atestv2 TO regress_priv_user2;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atestv1; -- ok
a | b
---+-----
-----+-----+-------
(0 rows)
-GRANT SELECT ON atestv4 TO regress_user2;
-SET SESSION AUTHORIZATION regress_user2;
+GRANT SELECT ON atestv4 TO regress_priv_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
-- Two complex cases:
SELECT * FROM atestv3; -- fail
ERROR: permission denied for view atestv3
-SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3)
+SELECT * FROM atestv4; -- ok (even though regress_priv_user2 cannot access underlying atestv3)
one | two | three
-----+-----+-------
(0 rows)
bar | t
(1 row)
-SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2)
+SELECT * FROM atestv2; -- fail (even though regress_priv_user2 can access underlying atest2)
ERROR: permission denied for table atest2
-- Test column level permissions
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest5 (one int, two int unique, three int, four int unique);
CREATE TABLE atest6 (one int, two int, blue int);
-GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_user4;
-GRANT ALL (one) ON atest5 TO regress_user3;
+GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user4;
+GRANT ALL (one) ON atest5 TO regress_priv_user3;
INSERT INTO atest5 VALUES (1,2,3);
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest5; -- fail
ERROR: permission denied for table atest5
SELECT one FROM atest5; -- ok
SELECT one, two FROM atest5; -- fail
ERROR: permission denied for table atest5
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT (one,two) ON atest6 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT (one,two) ON atest6 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
ERROR: permission denied for table atest5
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT (two) ON atest5 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT (two) ON atest5 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
one | two
-----+-----
-- Check that the columns in the inference require select privileges
INSERT INTO atest5(four) VALUES (4); -- fail
ERROR: permission denied for table atest5
-SET SESSION AUTHORIZATION regress_user1;
-GRANT INSERT (four) ON atest5 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT INSERT (four) ON atest5 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT)
ERROR: permission denied for table atest5
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT)
ERROR: permission denied for table atest5
INSERT INTO atest5(four) VALUES (4); -- ok
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT (four) ON atest5 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT (four) ON atest5 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- ok
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- ok
-SET SESSION AUTHORIZATION regress_user1;
-REVOKE ALL (one) ON atest5 FROM regress_user4;
-GRANT SELECT (one,two,blue) ON atest6 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+REVOKE ALL (one) ON atest5 FROM regress_priv_user4;
+GRANT SELECT (one,two,blue) ON atest6 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one FROM atest5; -- fail
ERROR: permission denied for table atest5
UPDATE atest5 SET one = 1; -- fail
COPY atest6 TO stdout; -- ok
-- check error reporting with column privs
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE t1 (c1 int, c2 int, c3 int check (c3 < 5), primary key (c1, c2));
-GRANT SELECT (c1) ON t1 TO regress_user2;
-GRANT INSERT (c1, c2, c3) ON t1 TO regress_user2;
-GRANT UPDATE (c1, c2, c3) ON t1 TO regress_user2;
+GRANT SELECT (c1) ON t1 TO regress_priv_user2;
+GRANT INSERT (c1, c2, c3) ON t1 TO regress_priv_user2;
+GRANT UPDATE (c1, c2, c3) ON t1 TO regress_priv_user2;
-- seed data
INSERT INTO t1 VALUES (1, 1, 1);
INSERT INTO t1 VALUES (1, 2, 1);
INSERT INTO t1 VALUES (2, 1, 2);
INSERT INTO t1 VALUES (2, 2, 2);
INSERT INTO t1 VALUES (3, 1, 3);
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
INSERT INTO t1 (c1, c2) VALUES (1, 1); -- fail, but row not shown
ERROR: duplicate key value violates unique constraint "t1_pkey"
UPDATE t1 SET c2 = 1; -- fail, but row not shown
UPDATE t1 SET c3 = 10; -- fail, but see columns with SELECT rights, or being modified
ERROR: new row for relation "t1" violates check constraint "t1_c3_check"
DETAIL: Failing row contains (c1, c3) = (1, 10).
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
DROP TABLE t1;
-- test column-level privileges when involved with DELETE
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 ADD COLUMN three integer;
-GRANT DELETE ON atest5 TO regress_user3;
-GRANT SELECT (two) ON atest5 TO regress_user3;
-REVOKE ALL (one) ON atest5 FROM regress_user3;
-GRANT SELECT (one) ON atest5 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+GRANT DELETE ON atest5 TO regress_priv_user3;
+GRANT SELECT (two) ON atest5 TO regress_priv_user3;
+REVOKE ALL (one) ON atest5 FROM regress_priv_user3;
+GRANT SELECT (one) ON atest5 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- fail
ERROR: permission denied for table atest6
SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
ERROR: permission denied for table atest5
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN three;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- ok
atest6
--------
-----
(0 rows)
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN two;
-REVOKE SELECT (one,blue) ON atest6 FROM regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+REVOKE SELECT (one,blue) ON atest6 FROM regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest6; -- fail
ERROR: permission denied for table atest6
SELECT 1 FROM atest6; -- fail
ERROR: permission denied for table atest6
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
DELETE FROM atest5 WHERE one = 1; -- fail
ERROR: permission denied for table atest5
DELETE FROM atest5 WHERE two = 2; -- ok
-- check inheritance cases
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atestp1 (f1 int, f2 int) WITH OIDS;
CREATE TABLE atestp2 (fx int, fy int) WITH OIDS;
CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2);
-GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_user2;
-GRANT SELECT(fx) ON atestc TO regress_user2;
-SET SESSION AUTHORIZATION regress_user2;
+GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_priv_user2;
+GRANT SELECT(fx) ON atestc TO regress_priv_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- ok
fx
----
SELECT fy FROM atestc; -- fail
ERROR: permission denied for table atestc
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT(fy,oid) ON atestc TO regress_user2;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT(fy,oid) ON atestc TO regress_priv_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- still ok
fx
----
-- switch to superuser
\c -
REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC;
-GRANT USAGE ON LANGUAGE sql TO regress_user1; -- ok
+GRANT USAGE ON LANGUAGE sql TO regress_priv_user1; -- ok
GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail
ERROR: language "c" is not trusted
DETAIL: GRANT and REVOKE are not allowed on untrusted languages, because only superusers can use untrusted languages.
-SET SESSION AUTHORIZATION regress_user1;
-GRANT USAGE ON LANGUAGE sql TO regress_user2; -- fail
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT USAGE ON LANGUAGE sql TO regress_priv_user2; -- fail
WARNING: no privileges were granted for "sql"
CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql;
CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testagg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testproc1(int) AS 'select $1;' LANGUAGE sql;
REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) FROM PUBLIC;
-GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_user2;
+GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_priv_user2;
REVOKE ALL ON FUNCTION testproc1(int) FROM PUBLIC; -- fail, not a function
ERROR: testproc1(integer) is not a function
REVOKE ALL ON PROCEDURE testproc1(int) FROM PUBLIC;
-GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_user2;
-GRANT USAGE ON FUNCTION testfunc1(int) TO regress_user3; -- semantic error
+GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_priv_user2;
+GRANT USAGE ON FUNCTION testfunc1(int) TO regress_priv_user3; -- semantic error
ERROR: invalid privilege type USAGE for function
-GRANT USAGE ON FUNCTION testagg1(int) TO regress_user3; -- semantic error
+GRANT USAGE ON FUNCTION testagg1(int) TO regress_priv_user3; -- semantic error
ERROR: invalid privilege type USAGE for function
-GRANT USAGE ON PROCEDURE testproc1(int) TO regress_user3; -- semantic error
+GRANT USAGE ON PROCEDURE testproc1(int) TO regress_priv_user3; -- semantic error
ERROR: invalid privilege type USAGE for procedure
-GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_user4;
-GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_user4;
+GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_priv_user4;
+GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_priv_user4;
ERROR: function testfunc_nosuch(integer) does not exist
-GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_user4;
-GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_user4;
+GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_priv_user4;
+GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_priv_user4;
CREATE FUNCTION testfunc4(boolean) RETURNS text
AS 'select col1 from atest2 where col2 = $1;'
LANGUAGE sql SECURITY DEFINER;
-GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_user3;
-SET SESSION AUTHORIZATION regress_user2;
+GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_priv_user3;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT testfunc1(5), testfunc2(5); -- ok
testfunc1 | testfunc2
-----------+-----------
(1 row)
CALL testproc1(6); -- ok
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
SELECT testfunc1(5); -- fail
ERROR: permission denied for function testfunc1
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail
bar
(1 row)
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT testfunc1(5); -- ok
testfunc1
-----------
{1}
(1 row)
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT '{1}'::int4[]::int8[]; --other user, fail
ERROR: permission denied for function int8
ROLLBACK;
\c -
CREATE TYPE testtype1 AS (a int, b text);
REVOKE USAGE ON TYPE testtype1 FROM PUBLIC;
-GRANT USAGE ON TYPE testtype1 TO regress_user2;
-GRANT USAGE ON TYPE _testtype1 TO regress_user2; -- fail
+GRANT USAGE ON TYPE testtype1 TO regress_priv_user2;
+GRANT USAGE ON TYPE _testtype1 TO regress_priv_user2; -- fail
ERROR: cannot set privileges of array types
HINT: Set the privileges of the element type instead.
-GRANT USAGE ON DOMAIN testtype1 TO regress_user2; -- fail
+GRANT USAGE ON DOMAIN testtype1 TO regress_priv_user2; -- fail
ERROR: "testtype1" is not a domain
CREATE DOMAIN testdomain1 AS int;
REVOKE USAGE on DOMAIN testdomain1 FROM PUBLIC;
-GRANT USAGE ON DOMAIN testdomain1 TO regress_user2;
-GRANT USAGE ON TYPE testdomain1 TO regress_user2; -- ok
-SET SESSION AUTHORIZATION regress_user1;
+GRANT USAGE ON DOMAIN testdomain1 TO regress_priv_user2;
+GRANT USAGE ON TYPE testdomain1 TO regress_priv_user2; -- ok
+SET SESSION AUTHORIZATION regress_priv_user1;
-- commands that should fail
CREATE AGGREGATE testagg1a(testdomain1) (sfunc = int4_sum, stype = bigint);
ERROR: permission denied for type testdomain1
ERROR: permission denied for type testdomain1
REVOKE ALL ON TYPE testtype1 FROM PUBLIC;
ERROR: permission denied for type testtype1
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
-- commands that should succeed
CREATE AGGREGATE testagg1b(testdomain1) (sfunc = int4_sum, stype = bigint);
CREATE DOMAIN testdomain2b AS testdomain1;
DROP TYPE testtype1; -- ok
DROP DOMAIN testdomain1; -- ok
-- truncate
-SET SESSION AUTHORIZATION regress_user5;
+SET SESSION AUTHORIZATION regress_priv_user5;
TRUNCATE atest2; -- ok
TRUNCATE atest3; -- fail
ERROR: permission denied for table atest3
(1 row)
-- non-superuser
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
select has_table_privilege(current_user,'pg_class','select');
has_table_privilege
---------------------
(1 row)
-- Grant options
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest4 (a int);
-GRANT SELECT ON atest4 TO regress_user2 WITH GRANT OPTION;
-GRANT UPDATE ON atest4 TO regress_user2;
-GRANT SELECT ON atest4 TO GROUP regress_group1 WITH GRANT OPTION;
-SET SESSION AUTHORIZATION regress_user2;
-GRANT SELECT ON atest4 TO regress_user3;
-GRANT UPDATE ON atest4 TO regress_user3; -- fail
+GRANT SELECT ON atest4 TO regress_priv_user2 WITH GRANT OPTION;
+GRANT UPDATE ON atest4 TO regress_priv_user2;
+GRANT SELECT ON atest4 TO GROUP regress_priv_group1 WITH GRANT OPTION;
+SET SESSION AUTHORIZATION regress_priv_user2;
+GRANT SELECT ON atest4 TO regress_priv_user3;
+GRANT UPDATE ON atest4 TO regress_priv_user3; -- fail
WARNING: no privileges were granted for "atest4"
-SET SESSION AUTHORIZATION regress_user1;
-REVOKE SELECT ON atest4 FROM regress_user3; -- does nothing
-SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- true
+SET SESSION AUTHORIZATION regress_priv_user1;
+REVOKE SELECT ON atest4 FROM regress_priv_user3; -- does nothing
+SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
-REVOKE SELECT ON atest4 FROM regress_user2; -- fail
+REVOKE SELECT ON atest4 FROM regress_priv_user2; -- fail
ERROR: dependent privileges exist
HINT: Use CASCADE to revoke them too.
-REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_user2 CASCADE; -- ok
-SELECT has_table_privilege('regress_user2', 'atest4', 'SELECT'); -- true
+REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_priv_user2 CASCADE; -- ok
+SELECT has_table_privilege('regress_priv_user2', 'atest4', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
-SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- false
+SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- false
has_table_privilege
---------------------
f
(1 row)
-SELECT has_table_privilege('regress_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
+SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
has_table_privilege
---------------------
t
(1 row)
-- Admin options
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS
- 'GRANT regress_group2 TO regress_user5';
-GRANT regress_group2 TO regress_user5; -- ok: had ADMIN OPTION
-SET ROLE regress_group2;
-GRANT regress_group2 TO regress_user5; -- fails: SET ROLE suspended privilege
-ERROR: must have admin option on role "regress_group2"
-SET SESSION AUTHORIZATION regress_user1;
-GRANT regress_group2 TO regress_user5; -- fails: no ADMIN OPTION
-ERROR: must have admin option on role "regress_group2"
+ 'GRANT regress_priv_group2 TO regress_priv_user5';
+GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION
+SET ROLE regress_priv_group2;
+GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege
+ERROR: must have admin option on role "regress_priv_group2"
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION
+ERROR: must have admin option on role "regress_priv_group2"
SELECT dogrant_ok(); -- ok: SECURITY DEFINER conveys ADMIN
-NOTICE: role "regress_user5" is already a member of role "regress_group2"
+NOTICE: role "regress_priv_user5" is already a member of role "regress_priv_group2"
dogrant_ok
------------
(1 row)
-SET ROLE regress_group2;
-GRANT regress_group2 TO regress_user5; -- fails: SET ROLE did not help
-ERROR: must have admin option on role "regress_group2"
-SET SESSION AUTHORIZATION regress_group2;
-GRANT regress_group2 TO regress_user5; -- ok: a role can self-admin
-NOTICE: role "regress_user5" is already a member of role "regress_group2"
+SET ROLE regress_priv_group2;
+GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help
+ERROR: must have admin option on role "regress_priv_group2"
+SET SESSION AUTHORIZATION regress_priv_group2;
+GRANT regress_priv_group2 TO regress_priv_user5; -- ok: a role can self-admin
+NOTICE: role "regress_priv_user5" is already a member of role "regress_priv_group2"
CREATE FUNCTION dogrant_fails() RETURNS void LANGUAGE sql SECURITY DEFINER AS
- 'GRANT regress_group2 TO regress_user5';
+ 'GRANT regress_priv_group2 TO regress_priv_user5';
SELECT dogrant_fails(); -- fails: no self-admin in SECURITY DEFINER
-ERROR: must have admin option on role "regress_group2"
+ERROR: must have admin option on role "regress_priv_group2"
CONTEXT: SQL function "dogrant_fails" statement 1
DROP FUNCTION dogrant_fails();
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
DROP FUNCTION dogrant_ok();
-REVOKE regress_group2 FROM regress_user5;
+REVOKE regress_priv_group2 FROM regress_priv_user5;
-- has_sequence_privilege tests
\c -
CREATE SEQUENCE x_seq;
-GRANT USAGE on x_seq to regress_user2;
-SELECT has_sequence_privilege('regress_user1', 'atest1', 'SELECT');
+GRANT USAGE on x_seq to regress_priv_user2;
+SELECT has_sequence_privilege('regress_priv_user1', 'atest1', 'SELECT');
ERROR: "atest1" is not a sequence
-SELECT has_sequence_privilege('regress_user1', 'x_seq', 'INSERT');
+SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'INSERT');
ERROR: unrecognized privilege type: "INSERT"
-SELECT has_sequence_privilege('regress_user1', 'x_seq', 'SELECT');
+SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'SELECT');
has_sequence_privilege
------------------------
f
(1 row)
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT has_sequence_privilege('x_seq', 'USAGE');
has_sequence_privilege
------------------------
-- largeobject privilege tests
\c -
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT lo_create(1001);
lo_create
-----------
(1 row)
GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
-GRANT SELECT ON LARGE OBJECT 1003 TO regress_user2;
-GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_user2;
-GRANT ALL ON LARGE OBJECT 1005 TO regress_user2;
-GRANT SELECT ON LARGE OBJECT 1005 TO regress_user2 WITH GRANT OPTION;
+GRANT SELECT ON LARGE OBJECT 1003 TO regress_priv_user2;
+GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_priv_user2;
+GRANT ALL ON LARGE OBJECT 1005 TO regress_priv_user2;
+GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user2 WITH GRANT OPTION;
GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed
ERROR: invalid privilege type INSERT for large object
GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed
GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed
ERROR: large object 999 does not exist
\c -
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT lo_create(2001);
lo_create
-----------
4
(1 row)
-GRANT SELECT ON LARGE OBJECT 1005 TO regress_user3;
-GRANT UPDATE ON LARGE OBJECT 1006 TO regress_user3; -- to be denied
+GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user3;
+GRANT UPDATE ON LARGE OBJECT 1006 TO regress_priv_user3; -- to be denied
ERROR: large object 1006 does not exist
REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
-GRANT ALL ON LARGE OBJECT 2001 TO regress_user3;
+GRANT ALL ON LARGE OBJECT 2001 TO regress_priv_user3;
SELECT lo_unlink(1001); -- to be denied
ERROR: must be owner of large object 1001
SELECT lo_unlink(2002);
\c -
-- confirm ACL setting
SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
- oid | ownername | lomacl
-------+---------------+------------------------------------------------------------------------------------------------
- 1001 | regress_user1 | {regress_user1=rw/regress_user1,=rw/regress_user1}
- 1002 | regress_user1 |
- 1003 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=r/regress_user1}
- 1004 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=rw/regress_user1}
- 1005 | regress_user1 | {regress_user1=rw/regress_user1,regress_user2=r*w/regress_user1,regress_user3=r/regress_user2}
- 2001 | regress_user2 | {regress_user2=rw/regress_user2,regress_user3=rw/regress_user2}
+ oid | ownername | lomacl
+------+--------------------+------------------------------------------------------------------------------------------------------------------------------
+ 1001 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,=rw/regress_priv_user1}
+ 1002 | regress_priv_user1 |
+ 1003 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r/regress_priv_user1}
+ 1004 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=rw/regress_priv_user1}
+ 1005 | regress_priv_user1 | {regress_priv_user1=rw/regress_priv_user1,regress_priv_user2=r*w/regress_priv_user1,regress_priv_user3=r/regress_priv_user2}
+ 2001 | regress_priv_user2 | {regress_priv_user2=rw/regress_priv_user2,regress_priv_user3=rw/regress_priv_user2}
(6 rows)
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
SELECT loread(lo_open(1001, x'40000'::int), 32);
loread
------------
-- compatibility mode in largeobject permission
\c -
SET lo_compat_privileges = false; -- default setting
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
ERROR: permission denied for large object 1002
SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
ERROR: permission denied for function lo_import
\c -
SET lo_compat_privileges = true; -- compatibility mode
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32);
loread
--------
------+--------+------
(0 rows)
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM pg_largeobject LIMIT 0; -- to be denied
ERROR: permission denied for table pg_largeobject
-- test default ACLs
\c -
CREATE SCHEMA testns;
-GRANT ALL ON SCHEMA testns TO regress_user1;
+GRANT ALL ON SCHEMA testns TO regress_priv_user1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
has_table_privilege
---------------------
f
(1 row)
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
(1 row)
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
has_table_privilege
---------------------
f
(1 row)
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
has_table_privilege
---------------------
t
(1 row)
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
(1 row)
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_user1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
has_table_privilege
---------------------
t
(1 row)
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- yes
has_table_privilege
---------------------
t
(1 row)
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_user1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
has_table_privilege
---------------------
t
(1 row)
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
has_table_privilege
---------------------
f
(1 row)
-ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_user2; -- error
+ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error
ERROR: cannot use IN SCHEMA clause when using GRANT/REVOKE ON SCHEMAS
-ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_user2;
+ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns2;
-SELECT has_schema_privilege('regress_user2', 'testns2', 'USAGE'); -- yes
+SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'USAGE'); -- yes
has_schema_privilege
----------------------
t
(1 row)
-SELECT has_schema_privilege('regress_user2', 'testns2', 'CREATE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'CREATE'); -- no
has_schema_privilege
----------------------
f
(1 row)
-ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_user2;
+ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns3;
-SELECT has_schema_privilege('regress_user2', 'testns3', 'USAGE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'USAGE'); -- no
has_schema_privilege
----------------------
f
(1 row)
-SELECT has_schema_privilege('regress_user2', 'testns3', 'CREATE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'CREATE'); -- no
has_schema_privilege
----------------------
f
(1 row)
-ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_user2;
+ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns4;
-SELECT has_schema_privilege('regress_user2', 'testns4', 'USAGE'); -- yes
+SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'USAGE'); -- yes
has_schema_privilege
----------------------
t
(1 row)
-SELECT has_schema_privilege('regress_user2', 'testns4', 'CREATE'); -- yes
+SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes
has_schema_privilege
----------------------
t
(1 row)
-ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_user2;
+ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns5;
-SELECT has_schema_privilege('regress_user2', 'testns5', 'USAGE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no
has_schema_privilege
----------------------
f
(1 row)
-SELECT has_schema_privilege('regress_user2', 'testns5', 'CREATE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'CREATE'); -- no
has_schema_privilege
----------------------
f
(1 row)
-SET ROLE regress_user1;
+SET ROLE regress_priv_user1;
CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
-SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- no
+SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- no
has_function_privilege
------------------------
f
(1 row)
-SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
+SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
has_function_privilege
------------------------
f
(1 row)
-SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- no
+SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- no
has_function_privilege
------------------------
f
CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
DROP PROCEDURE testns.bar();
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
-SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- yes
+SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- yes
has_function_privilege
------------------------
t
(1 row)
-SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
+SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
has_function_privilege
------------------------
t
(1 row)
-SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
+SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
has_function_privilege
------------------------
t
DROP FUNCTION testns.foo();
DROP AGGREGATE testns.agg1(int);
DROP PROCEDURE testns.bar();
-ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE USAGE ON TYPES FROM public;
+ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE USAGE ON TYPES FROM public;
CREATE DOMAIN testns.testdomain1 AS int;
-SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no
+SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- no
has_type_privilege
--------------------
f
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public;
DROP DOMAIN testns.testdomain1;
CREATE DOMAIN testns.testdomain1 AS int;
-SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- yes
+SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- yes
has_type_privilege
--------------------
t
CREATE SCHEMA testns;
CREATE TABLE testns.t1 (f1 int);
CREATE TABLE testns.t2 (f1 int);
-SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
+SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
has_table_privilege
---------------------
f
(1 row)
-GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_user1;
-SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- true
+GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_priv_user1;
+SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
-SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- true
+SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- true
has_table_privilege
---------------------
t
(1 row)
-REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_user1;
-SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
+REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_priv_user1;
+SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
has_table_privilege
---------------------
f
(1 row)
-SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false
+SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- false
has_table_privilege
---------------------
f
CREATE FUNCTION testns.testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testns.testagg(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.testproc(int) AS 'select 3' LANGUAGE sql;
-SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
+SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
has_function_privilege
------------------------
t
(1 row)
-SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
+SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
has_function_privilege
------------------------
t
(1 row)
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
has_function_privilege
------------------------
t
(1 row)
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC;
-SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
+SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
has_function_privilege
------------------------
f
(1 row)
-SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
+SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
has_function_privilege
------------------------
f
(1 row)
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
has_function_privilege
------------------------
t
(1 row)
REVOKE ALL ON ALL PROCEDURES IN SCHEMA testns FROM PUBLIC;
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
has_function_privilege
------------------------
f
(1 row)
GRANT ALL ON ALL ROUTINES IN SCHEMA testns TO PUBLIC;
-SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
+SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
has_function_privilege
------------------------
t
(1 row)
-SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
+SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
has_function_privilege
------------------------
t
(1 row)
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
has_function_privilege
------------------------
t
DROP ROLE regress_schemauser_renamed;
-- test that dependent privileges are revoked (or not) properly
\c -
-set session role regress_user1;
+set session role regress_priv_user1;
create table dep_priv_test (a int);
-grant select on dep_priv_test to regress_user2 with grant option;
-grant select on dep_priv_test to regress_user3 with grant option;
-set session role regress_user2;
-grant select on dep_priv_test to regress_user4 with grant option;
-set session role regress_user3;
-grant select on dep_priv_test to regress_user4 with grant option;
-set session role regress_user4;
-grant select on dep_priv_test to regress_user5;
+grant select on dep_priv_test to regress_priv_user2 with grant option;
+grant select on dep_priv_test to regress_priv_user3 with grant option;
+set session role regress_priv_user2;
+grant select on dep_priv_test to regress_priv_user4 with grant option;
+set session role regress_priv_user3;
+grant select on dep_priv_test to regress_priv_user4 with grant option;
+set session role regress_priv_user4;
+grant select on dep_priv_test to regress_priv_user5;
\dp dep_priv_test
- Access privileges
- Schema | Name | Type | Access privileges | Column privileges | Policies
---------+---------------+-------+-------------------------------------+-------------------+----------
- public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| |
- | | | regress_user2=r*/regress_user1 +| |
- | | | regress_user3=r*/regress_user1 +| |
- | | | regress_user4=r*/regress_user2 +| |
- | | | regress_user4=r*/regress_user3 +| |
- | | | regress_user5=r/regress_user4 | |
-(1 row)
-
-set session role regress_user2;
-revoke select on dep_priv_test from regress_user4 cascade;
+ Access privileges
+ Schema | Name | Type | Access privileges | Column privileges | Policies
+--------+---------------+-------+-----------------------------------------------+-------------------+----------
+ public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| |
+ | | | regress_priv_user2=r*/regress_priv_user1 +| |
+ | | | regress_priv_user3=r*/regress_priv_user1 +| |
+ | | | regress_priv_user4=r*/regress_priv_user2 +| |
+ | | | regress_priv_user4=r*/regress_priv_user3 +| |
+ | | | regress_priv_user5=r/regress_priv_user4 | |
+(1 row)
+
+set session role regress_priv_user2;
+revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
- Access privileges
- Schema | Name | Type | Access privileges | Column privileges | Policies
---------+---------------+-------+-------------------------------------+-------------------+----------
- public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| |
- | | | regress_user2=r*/regress_user1 +| |
- | | | regress_user3=r*/regress_user1 +| |
- | | | regress_user4=r*/regress_user3 +| |
- | | | regress_user5=r/regress_user4 | |
-(1 row)
-
-set session role regress_user3;
-revoke select on dep_priv_test from regress_user4 cascade;
+ Access privileges
+ Schema | Name | Type | Access privileges | Column privileges | Policies
+--------+---------------+-------+-----------------------------------------------+-------------------+----------
+ public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| |
+ | | | regress_priv_user2=r*/regress_priv_user1 +| |
+ | | | regress_priv_user3=r*/regress_priv_user1 +| |
+ | | | regress_priv_user4=r*/regress_priv_user3 +| |
+ | | | regress_priv_user5=r/regress_priv_user4 | |
+(1 row)
+
+set session role regress_priv_user3;
+revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
- Access privileges
- Schema | Name | Type | Access privileges | Column privileges | Policies
---------+---------------+-------+-------------------------------------+-------------------+----------
- public | dep_priv_test | table | regress_user1=arwdDxt/regress_user1+| |
- | | | regress_user2=r*/regress_user1 +| |
- | | | regress_user3=r*/regress_user1 | |
+ Access privileges
+ Schema | Name | Type | Access privileges | Column privileges | Policies
+--------+---------------+-------+-----------------------------------------------+-------------------+----------
+ public | dep_priv_test | table | regress_priv_user1=arwdDxt/regress_priv_user1+| |
+ | | | regress_priv_user2=r*/regress_priv_user1 +| |
+ | | | regress_priv_user3=r*/regress_priv_user1 | |
(1 row)
-set session role regress_user1;
+set session role regress_priv_user1;
drop table dep_priv_test;
-- clean up
\c
1
(5 rows)
-DROP GROUP regress_group1;
-DROP GROUP regress_group2;
+DROP GROUP regress_priv_group1;
+DROP GROUP regress_priv_group2;
-- these are needed to clean up permissions
-REVOKE USAGE ON LANGUAGE sql FROM regress_user1;
-DROP OWNED BY regress_user1;
-DROP USER regress_user1;
-DROP USER regress_user2;
-DROP USER regress_user3;
-DROP USER regress_user4;
-DROP USER regress_user5;
-DROP USER regress_user6;
-ERROR: role "regress_user6" does not exist
+REVOKE USAGE ON LANGUAGE sql FROM regress_priv_user1;
+DROP OWNED BY regress_priv_user1;
+DROP USER regress_priv_user1;
+DROP USER regress_priv_user2;
+DROP USER regress_priv_user3;
+DROP USER regress_priv_user4;
+DROP USER regress_priv_user5;
+DROP USER regress_priv_user6;
+ERROR: role "regress_priv_user6" does not exist
-- permissions with LOCK TABLE
CREATE USER regress_locktable_user;
CREATE TABLE lock_table (a int);
GRANT regress_testrol0 TO pg_signal_backend; -- success
SET ROLE pg_signal_backend; --success
RESET ROLE;
-CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success
+CREATE SCHEMA test_roles_schema AUTHORIZATION pg_signal_backend; --success
SET ROLE regress_testrol2;
UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_';
SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_';
-- clean up
\c
-DROP SCHEMA test_schema;
+DROP SCHEMA test_roles_schema;
DROP OWNED BY regress_testrol0, "Public", "current_user", regress_testrol1, regress_testrol2, regress_testrolx CASCADE;
DROP ROLE regress_testrol0, regress_testrol1, regress_testrol2, regress_testrolx;
DROP ROLE "Public", "None", "current_user", "session_user", "user";
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
-DROP ROLE IF EXISTS regress_alter_user1;
-DROP ROLE IF EXISTS regress_alter_user2;
-DROP ROLE IF EXISTS regress_alter_user3;
+DROP ROLE IF EXISTS regress_alter_generic_user1;
+DROP ROLE IF EXISTS regress_alter_generic_user2;
+DROP ROLE IF EXISTS regress_alter_generic_user3;
RESET client_min_messages;
-CREATE USER regress_alter_user3;
-CREATE USER regress_alter_user2;
-CREATE USER regress_alter_user1 IN ROLE regress_alter_user3;
+CREATE USER regress_alter_generic_user3;
+CREATE USER regress_alter_generic_user2;
+CREATE USER regress_alter_generic_user1 IN ROLE regress_alter_generic_user3;
CREATE SCHEMA alt_nsp1;
CREATE SCHEMA alt_nsp2;
--
-- Function and Aggregate
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 1';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
sfunc1 = int4mi, basetype = int4, stype1 = int4, initcond = 0
);
ALTER AGGREGATE alt_func1(int) RENAME TO alt_func3; -- failed (not aggregate)
-ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_user3; -- failed (not aggregate)
+ALTER AGGREGATE alt_func1(int) OWNER TO regress_alter_generic_user3; -- failed (not aggregate)
ALTER AGGREGATE alt_func1(int) SET SCHEMA alt_nsp2; -- failed (not aggregate)
ALTER FUNCTION alt_func1(int) RENAME TO alt_func2; -- failed (name conflict)
ALTER FUNCTION alt_func1(int) RENAME TO alt_func3; -- OK
-ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- OK
+ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp1; -- OK, already there
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- OK
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg2; -- failed (name conflict)
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg3; -- OK
-ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- OK
+ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- OK
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE FUNCTION alt_func1(int) RETURNS int LANGUAGE sql
AS 'SELECT $1 + 2';
CREATE FUNCTION alt_func2(int) RETURNS int LANGUAGE sql
ALTER FUNCTION alt_func3(int) RENAME TO alt_func4; -- failed (not owner)
ALTER FUNCTION alt_func1(int) RENAME TO alt_func4; -- OK
-ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER FUNCTION alt_func3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER FUNCTION alt_func2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER FUNCTION alt_func3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER FUNCTION alt_func2(int) SET SCHEMA alt_nsp2; -- failed (name conflicts)
ALTER AGGREGATE alt_agg3(int) RENAME TO alt_agg4; -- failed (not owner)
ALTER AGGREGATE alt_agg1(int) RENAME TO alt_agg4; -- OK
-ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER AGGREGATE alt_agg3(int) OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER AGGREGATE alt_agg2(int) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER AGGREGATE alt_agg3(int) SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER AGGREGATE alt_agg2(int) SET SCHEMA alt_nsp2; -- failed (name conflict)
--
-- Conversion
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv1 RENAME TO alt_conv2; -- failed (name conflict)
ALTER CONVERSION alt_conv1 RENAME TO alt_conv3; -- OK
-ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- OK
+ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- OK
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE CONVERSION alt_conv1 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
CREATE CONVERSION alt_conv2 FOR 'LATIN1' TO 'UTF8' FROM iso8859_1_to_utf8;
ALTER CONVERSION alt_conv3 RENAME TO alt_conv4; -- failed (not owner)
ALTER CONVERSION alt_conv1 RENAME TO alt_conv4; -- OK
-ALTER CONVERSION alt_conv3 OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER CONVERSION alt_conv2 OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER CONVERSION alt_conv3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER CONVERSION alt_conv2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER CONVERSION alt_conv3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER CONVERSION alt_conv2 SET SCHEMA alt_nsp2; -- failed (name conflict)
CREATE LANGUAGE alt_lang1 HANDLER plpgsql_call_handler;
CREATE LANGUAGE alt_lang2 HANDLER plpgsql_call_handler;
-ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_user1; -- OK
-ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user2; -- OK
+ALTER LANGUAGE alt_lang1 OWNER TO regress_alter_generic_user1; -- OK
+ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang2; -- failed (name conflict)
ALTER LANGUAGE alt_lang2 RENAME TO alt_lang3; -- failed (not owner)
ALTER LANGUAGE alt_lang1 RENAME TO alt_lang3; -- OK
-ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_user3; -- failed (not owner)
-ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_user3; -- OK
+ALTER LANGUAGE alt_lang2 OWNER TO regress_alter_generic_user3; -- failed (not owner)
+ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER LANGUAGE alt_lang3 OWNER TO regress_alter_generic_user3; -- OK
RESET SESSION AUTHORIZATION;
SELECT lanname, a.rolname
--
-- Operator
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
CREATE OPERATOR @+@ ( leftarg = int4, rightarg = int4, procedure = int4pl );
-ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user3; -- OK
+ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE OPERATOR @-@ ( leftarg = int4, rightarg = int4, procedure = int4mi );
-ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER OPERATOR @+@(int4, int4) OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER OPERATOR @-@(int4, int4) OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER OPERATOR @+@(int4, int4) SET SCHEMA alt_nsp2; -- failed (not owner)
-- can't test this: the error message includes the raw oid of namespace
-- ALTER OPERATOR @-@(int4, int4) SET SCHEMA alt_nsp2; -- failed (name conflict)
--
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
-ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user1;
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user1;
+ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user1;
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user1;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE uuid USING hash AS STORAGE uuid;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE uuid USING hash AS STORAGE uuid;
-ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user1;
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user1;
+ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user1;
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user1;
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf2; -- failed (name conflict)
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf3; -- OK
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- OK
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- OK
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc2; -- failed (name conflict)
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc3; -- OK
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- OK
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- OK
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- OK
RESET SESSION AUTHORIZATION;
CREATE OPERATOR FAMILY alt_opf1 USING hash;
CREATE OPERATOR FAMILY alt_opf2 USING hash;
-ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_user2;
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user2;
+ALTER OPERATOR FAMILY alt_opf1 USING hash OWNER TO regress_alter_generic_user2;
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user2;
CREATE OPERATOR CLASS alt_opc1 FOR TYPE macaddr USING hash AS STORAGE macaddr;
CREATE OPERATOR CLASS alt_opc2 FOR TYPE macaddr USING hash AS STORAGE macaddr;
-ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_user2;
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user2;
+ALTER OPERATOR CLASS alt_opc1 USING hash OWNER TO regress_alter_generic_user2;
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user2;
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
ALTER OPERATOR FAMILY alt_opf3 USING hash RENAME TO alt_opf4; -- failed (not owner)
ALTER OPERATOR FAMILY alt_opf1 USING hash RENAME TO alt_opf4; -- OK
-ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER OPERATOR FAMILY alt_opf3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER OPERATOR FAMILY alt_opf2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER OPERATOR FAMILY alt_opf3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER OPERATOR FAMILY alt_opf2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
ALTER OPERATOR CLASS alt_opc3 USING hash RENAME TO alt_opc4; -- failed (not owner)
ALTER OPERATOR CLASS alt_opc1 USING hash RENAME TO alt_opc4; -- OK
-ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER OPERATOR CLASS alt_opc3 USING hash OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER OPERATOR CLASS alt_opc2 USING hash OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER OPERATOR CLASS alt_opc3 USING hash SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER OPERATOR CLASS alt_opc2 USING hash SET SCHEMA alt_nsp2; -- failed (name conflict)
-- Should fail. Need to be SUPERUSER to do ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
-CREATE ROLE regress_alter_user5 NOSUPERUSER;
+CREATE ROLE regress_alter_generic_user5 NOSUPERUSER;
CREATE OPERATOR FAMILY alt_opf5 USING btree;
-SET ROLE regress_alter_user5;
+SET ROLE regress_alter_generic_user5;
ALTER OPERATOR FAMILY alt_opf5 USING btree ADD OPERATOR 1 < (int4, int2), FUNCTION 1 btint42cmp(int4, int2);
RESET ROLE;
DROP OPERATOR FAMILY alt_opf5 USING btree;
-- Should fail. Need rights to namespace for ALTER OPERATOR FAMILY .. ADD / DROP
BEGIN TRANSACTION;
-CREATE ROLE regress_alter_user6;
+CREATE ROLE regress_alter_generic_user6;
CREATE SCHEMA alt_nsp6;
-REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_user6;
+REVOKE ALL ON SCHEMA alt_nsp6 FROM regress_alter_generic_user6;
CREATE OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree;
-SET ROLE regress_alter_user6;
+SET ROLE regress_alter_generic_user6;
ALTER OPERATOR FAMILY alt_nsp6.alt_opf6 USING btree ADD OPERATOR 1 < (int4, int2);
ROLLBACK;
--
-- Statistics
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TABLE alt_regress_1 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_1;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_1;
ALTER STATISTICS alt_stat1 RENAME TO alt_stat2; -- failed (name conflict)
ALTER STATISTICS alt_stat1 RENAME TO alt_stat3; -- failed (name conflict)
-ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- OK
+ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- OK
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TABLE alt_regress_2 (a INTEGER, b INTEGER);
CREATE STATISTICS alt_stat1 ON a, b FROM alt_regress_2;
CREATE STATISTICS alt_stat2 ON a, b FROM alt_regress_2;
ALTER STATISTICS alt_stat3 RENAME TO alt_stat4; -- failed (not owner)
ALTER STATISTICS alt_stat1 RENAME TO alt_stat4; -- OK
-ALTER STATISTICS alt_stat3 OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER STATISTICS alt_stat2 OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER STATISTICS alt_stat3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER STATISTICS alt_stat2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER STATISTICS alt_stat3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER STATISTICS alt_stat2 SET SCHEMA alt_nsp2; -- failed (name conflict)
--
-- Text Search Dictionary
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict2; -- failed (name conflict)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict3; -- OK
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- OK
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH DICTIONARY alt_ts_dict1 (template=simple);
CREATE TEXT SEARCH DICTIONARY alt_ts_dict2 (template=simple);
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 RENAME TO alt_ts_dict4; -- failed (not owner)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict1 RENAME TO alt_ts_dict4; -- OK
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER TEXT SEARCH DICTIONARY alt_ts_dict2 SET SCHEMA alt_nsp2; -- failed (name conflict)
--
-- Text Search Configuration
--
-SET SESSION AUTHORIZATION regress_alter_user1;
+SET SESSION AUTHORIZATION regress_alter_generic_user1;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf2; -- failed (name conflict)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf3; -- OK
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user2; -- failed (no role membership)
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- OK
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user2; -- failed (no role membership)
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- OK
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- OK
-SET SESSION AUTHORIZATION regress_alter_user2;
+SET SESSION AUTHORIZATION regress_alter_generic_user2;
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf1 (copy=english);
CREATE TEXT SEARCH CONFIGURATION alt_ts_conf2 (copy=english);
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 RENAME TO alt_ts_conf4; -- failed (not owner)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf1 RENAME TO alt_ts_conf4; -- OK
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_user2; -- failed (not owner)
-ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_user3; -- failed (no role membership)
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 OWNER TO regress_alter_generic_user2; -- failed (not owner)
+ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 OWNER TO regress_alter_generic_user3; -- failed (no role membership)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf3 SET SCHEMA alt_nsp2; -- failed (not owner)
ALTER TEXT SEARCH CONFIGURATION alt_ts_conf2 SET SCHEMA alt_nsp2; -- failed (name conflict)
DROP SCHEMA alt_nsp1 CASCADE;
DROP SCHEMA alt_nsp2 CASCADE;
-DROP USER regress_alter_user1;
-DROP USER regress_alter_user2;
-DROP USER regress_alter_user3;
+DROP USER regress_alter_generic_user1;
+DROP USER regress_alter_generic_user2;
+DROP USER regress_alter_generic_user3;
-- Clean up in case a prior regression run failed
SET client_min_messages TO 'warning';
-DROP ROLE IF EXISTS regress_alter_user1;
+DROP ROLE IF EXISTS regress_alter_table_user1;
RESET client_min_messages;
-CREATE USER regress_alter_user1;
+CREATE USER regress_alter_table_user1;
--
-- add attribute
ALTER INDEX onek_unique1 RENAME TO tmp_onek_unique1;
ALTER INDEX tmp_onek_unique1 RENAME TO onek_unique1;
-SET ROLE regress_alter_user1;
+SET ROLE regress_alter_table_user1;
ALTER INDEX onek_unique1 RENAME TO fail; -- permission denied
RESET ROLE;
CREATE VIEW tmp_view (unique1) AS SELECT unique1 FROM tenk1;
ALTER TABLE tmp_view RENAME TO tmp_view_new;
-SET ROLE regress_alter_user1;
+SET ROLE regress_alter_table_user1;
ALTER VIEW tmp_view_new RENAME TO fail; -- permission denied
RESET ROLE;
ANALYZE tmp;
DROP TABLE tmp;
-DROP USER regress_alter_user1;
+DROP USER regress_alter_table_user1;
-- privileges
-CREATE USER regress_user1;
-GRANT INSERT ON cp_test TO regress_user1;
+CREATE USER regress_cp_user1;
+GRANT INSERT ON cp_test TO regress_cp_user1;
REVOKE EXECUTE ON PROCEDURE ptest1(text) FROM PUBLIC;
-SET ROLE regress_user1;
+SET ROLE regress_cp_user1;
CALL ptest1('a'); -- error
RESET ROLE;
-GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_user1;
-SET ROLE regress_user1;
+GRANT EXECUTE ON PROCEDURE ptest1(text) TO regress_cp_user1;
+SET ROLE regress_cp_user1;
CALL ptest1('a'); -- ok
RESET ROLE;
DROP TABLE cp_test;
-DROP USER regress_user1;
+DROP USER regress_cp_user1;
-- should fail
CREATE VIEW temp_view_test.v3_temp AS SELECT * FROM temp_table;
-- should fail
-CREATE SCHEMA test_schema
+CREATE SCHEMA test_view_schema
CREATE TEMP VIEW testview AS SELECT 1;
-- joins: if any of the join relations are temporary, the view
ALTER TABLE itest7 ALTER COLUMN a DROP IDENTITY;
-- privileges
-CREATE USER regress_user1;
+CREATE USER regress_identity_user1;
CREATE TABLE itest8 (a int GENERATED ALWAYS AS IDENTITY, b text);
-GRANT SELECT, INSERT ON itest8 TO regress_user1;
-SET ROLE regress_user1;
+GRANT SELECT, INSERT ON itest8 TO regress_identity_user1;
+SET ROLE regress_identity_user1;
INSERT INTO itest8 DEFAULT VALUES;
SELECT * FROM itest8;
RESET ROLE;
DROP TABLE itest8;
-DROP USER regress_user1;
+DROP USER regress_identity_user1;
-- typed tables (currently not supported)
create table key_desc (a int, b int) partition by list ((a+0));
create table key_desc_1 partition of key_desc for values in (1) partition by range (b);
-create user someone_else;
-grant select (a) on key_desc_1 to someone_else;
-grant insert on key_desc to someone_else;
+create user regress_insert_other_user;
+grant select (a) on key_desc_1 to regress_insert_other_user;
+grant insert on key_desc to regress_insert_other_user;
-set role someone_else;
+set role regress_insert_other_user;
-- no key description is shown
insert into key_desc values (1, 1);
reset role;
-grant select (b) on key_desc_1 to someone_else;
-set role someone_else;
+grant select (b) on key_desc_1 to regress_insert_other_user;
+set role regress_insert_other_user;
-- key description (b)=(1) is now shown
insert into key_desc values (1, 1);
-- key description is not shown if key contains expression
insert into key_desc values (2, 1);
reset role;
-revoke all on key_desc from someone_else;
-revoke all on key_desc_1 from someone_else;
-drop role someone_else;
+revoke all on key_desc from regress_insert_other_user;
+revoke all on key_desc_1 from regress_insert_other_user;
+drop role regress_insert_other_user;
drop table key_desc, key_desc_1;
-- test minvalue/maxvalue restrictions
-- Regression tests for schemas (namespaces)
--
-CREATE SCHEMA test_schema_1
+CREATE SCHEMA test_ns_schema_1
CREATE UNIQUE INDEX abc_a_idx ON abc (a)
CREATE VIEW abc_view AS
-- verify that the objects were created
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
- (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
+ (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
-INSERT INTO test_schema_1.abc DEFAULT VALUES;
-INSERT INTO test_schema_1.abc DEFAULT VALUES;
-INSERT INTO test_schema_1.abc DEFAULT VALUES;
+INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
+INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
+INSERT INTO test_ns_schema_1.abc DEFAULT VALUES;
-SELECT * FROM test_schema_1.abc;
-SELECT * FROM test_schema_1.abc_view;
+SELECT * FROM test_ns_schema_1.abc;
+SELECT * FROM test_ns_schema_1.abc_view;
-ALTER SCHEMA test_schema_1 RENAME TO test_schema_renamed;
+ALTER SCHEMA test_ns_schema_1 RENAME TO test_ns_schema_renamed;
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
- (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_1');
+ (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_1');
-- test IF NOT EXISTS cases
-CREATE SCHEMA test_schema_renamed; -- fail, already exists
-CREATE SCHEMA IF NOT EXISTS test_schema_renamed; -- ok with notice
-CREATE SCHEMA IF NOT EXISTS test_schema_renamed -- fail, disallowed
+CREATE SCHEMA test_ns_schema_renamed; -- fail, already exists
+CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed; -- ok with notice
+CREATE SCHEMA IF NOT EXISTS test_ns_schema_renamed -- fail, disallowed
CREATE TABLE abc (
a serial,
b int UNIQUE
);
-DROP SCHEMA test_schema_renamed CASCADE;
+DROP SCHEMA test_ns_schema_renamed CASCADE;
-- verify that the objects were dropped
SELECT COUNT(*) FROM pg_class WHERE relnamespace =
- (SELECT oid FROM pg_namespace WHERE nspname = 'test_schema_renamed');
+ (SELECT oid FROM pg_namespace WHERE nspname = 'test_ns_schema_renamed');
-- Suppress NOTICE messages when users/groups don't exist
SET client_min_messages TO 'warning';
-DROP ROLE IF EXISTS regress_group1;
-DROP ROLE IF EXISTS regress_group2;
+DROP ROLE IF EXISTS regress_priv_group1;
+DROP ROLE IF EXISTS regress_priv_group2;
-DROP ROLE IF EXISTS regress_user1;
-DROP ROLE IF EXISTS regress_user2;
-DROP ROLE IF EXISTS regress_user3;
-DROP ROLE IF EXISTS regress_user4;
-DROP ROLE IF EXISTS regress_user5;
-DROP ROLE IF EXISTS regress_user6;
+DROP ROLE IF EXISTS regress_priv_user1;
+DROP ROLE IF EXISTS regress_priv_user2;
+DROP ROLE IF EXISTS regress_priv_user3;
+DROP ROLE IF EXISTS regress_priv_user4;
+DROP ROLE IF EXISTS regress_priv_user5;
+DROP ROLE IF EXISTS regress_priv_user6;
SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
-- test proper begins here
-CREATE USER regress_user1;
-CREATE USER regress_user2;
-CREATE USER regress_user3;
-CREATE USER regress_user4;
-CREATE USER regress_user5;
-CREATE USER regress_user5; -- duplicate
+CREATE USER regress_priv_user1;
+CREATE USER regress_priv_user2;
+CREATE USER regress_priv_user3;
+CREATE USER regress_priv_user4;
+CREATE USER regress_priv_user5;
+CREATE USER regress_priv_user5; -- duplicate
-CREATE GROUP regress_group1;
-CREATE GROUP regress_group2 WITH USER regress_user1, regress_user2;
+CREATE GROUP regress_priv_group1;
+CREATE GROUP regress_priv_group2 WITH USER regress_priv_user1, regress_priv_user2;
-ALTER GROUP regress_group1 ADD USER regress_user4;
+ALTER GROUP regress_priv_group1 ADD USER regress_priv_user4;
-ALTER GROUP regress_group2 ADD USER regress_user2; -- duplicate
-ALTER GROUP regress_group2 DROP USER regress_user2;
-GRANT regress_group2 TO regress_user4 WITH ADMIN OPTION;
+ALTER GROUP regress_priv_group2 ADD USER regress_priv_user2; -- duplicate
+ALTER GROUP regress_priv_group2 DROP USER regress_priv_user2;
+GRANT regress_priv_group2 TO regress_priv_user4 WITH ADMIN OPTION;
-- test owner privileges
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT session_user, current_user;
CREATE TABLE atest1 ( a int, b text );
REVOKE ALL ON atest1 FROM PUBLIC;
SELECT * FROM atest1;
-GRANT ALL ON atest1 TO regress_user2;
-GRANT SELECT ON atest1 TO regress_user3, regress_user4;
+GRANT ALL ON atest1 TO regress_priv_user2;
+GRANT SELECT ON atest1 TO regress_priv_user3, regress_priv_user4;
SELECT * FROM atest1;
CREATE TABLE atest2 (col1 varchar(10), col2 boolean);
-GRANT SELECT ON atest2 TO regress_user2;
-GRANT UPDATE ON atest2 TO regress_user3;
-GRANT INSERT ON atest2 TO regress_user4;
-GRANT TRUNCATE ON atest2 TO regress_user5;
+GRANT SELECT ON atest2 TO regress_priv_user2;
+GRANT UPDATE ON atest2 TO regress_priv_user3;
+GRANT INSERT ON atest2 TO regress_priv_user4;
+GRANT TRUNCATE ON atest2 TO regress_priv_user5;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT session_user, current_user;
-- try various combinations of queries on atest1 and atest2
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
SELECT session_user, current_user;
SELECT * FROM atest1; -- ok
SELECT * FROM atest1 WHERE ( b IN ( SELECT col1 FROM atest2 ) );
SELECT * FROM atest2 WHERE ( col1 IN ( SELECT b FROM atest1 ) );
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
COPY atest2 FROM stdin; -- ok
bar true
\.
-- test leaky-function protections in selfuncs
--- regress_user1 will own a table and provide a view for it.
-SET SESSION AUTHORIZATION regress_user1;
+-- regress_priv_user1 will own a table and provide a view for it.
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest12 as
SELECT x AS a, 10001 - x AS b FROM generate_series(1,10000) x;
EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
WHERE x.a = y.b and abs(y.a) <<< 5;
--- Check if regress_user2 can break security.
-SET SESSION AUTHORIZATION regress_user2;
+-- Check if regress_priv_user2 can break security.
+SET SESSION AUTHORIZATION regress_priv_user2;
CREATE FUNCTION leak2(integer,integer) RETURNS boolean
AS $$begin raise notice 'leak % %', $1, $2; return $1 > $2; end$$
-- This plan should use hashjoin, as it will expect many rows to be selected.
EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
--- Now regress_user1 grants sufficient access to regress_user2.
-SET SESSION AUTHORIZATION regress_user1;
+-- Now regress_priv_user1 grants sufficient access to regress_priv_user2.
+SET SESSION AUTHORIZATION regress_priv_user1;
GRANT SELECT (a, b) ON atest12 TO PUBLIC;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
--- Now regress_user2 will also get a good row estimate.
+-- Now regress_priv_user2 will also get a good row estimate.
EXPLAIN (COSTS OFF) SELECT * FROM atest12v x, atest12v y WHERE x.a = y.b;
-- But not for this, due to lack of table-wide permissions needed
EXPLAIN (COSTS OFF) SELECT * FROM atest12 x, atest12 y
WHERE x.a = y.b and abs(y.a) <<< 5;
--- clean up (regress_user1's objects are all dropped later)
+-- clean up (regress_priv_user1's objects are all dropped later)
DROP FUNCTION leak2(integer, integer) CASCADE;
-- groups
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
CREATE TABLE atest3 (one int, two int, three int);
-GRANT DELETE ON atest3 TO GROUP regress_group2;
+GRANT DELETE ON atest3 TO GROUP regress_priv_group2;
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM atest3; -- fail
DELETE FROM atest3; -- ok
-- views
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
CREATE VIEW atestv1 AS SELECT * FROM atest1; -- ok
/* The next *should* fail, but it's not implemented that way yet. */
SELECT * FROM atestv1; -- ok
SELECT * FROM atestv2; -- fail
-GRANT SELECT ON atestv1, atestv3 TO regress_user4;
-GRANT SELECT ON atestv2 TO regress_user2;
+GRANT SELECT ON atestv1, atestv3 TO regress_priv_user4;
+GRANT SELECT ON atestv2 TO regress_priv_user2;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atestv1; -- ok
SELECT * FROM atestv2; -- fail
CREATE VIEW atestv4 AS SELECT * FROM atestv3; -- nested view
SELECT * FROM atestv4; -- ok
-GRANT SELECT ON atestv4 TO regress_user2;
+GRANT SELECT ON atestv4 TO regress_priv_user2;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
-- Two complex cases:
SELECT * FROM atestv3; -- fail
-SELECT * FROM atestv4; -- ok (even though regress_user2 cannot access underlying atestv3)
+SELECT * FROM atestv4; -- ok (even though regress_priv_user2 cannot access underlying atestv3)
SELECT * FROM atest2; -- ok
-SELECT * FROM atestv2; -- fail (even though regress_user2 can access underlying atest2)
+SELECT * FROM atestv2; -- fail (even though regress_priv_user2 can access underlying atest2)
-- Test column level permissions
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest5 (one int, two int unique, three int, four int unique);
CREATE TABLE atest6 (one int, two int, blue int);
-GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_user4;
-GRANT ALL (one) ON atest5 TO regress_user3;
+GRANT SELECT (one), INSERT (two), UPDATE (three) ON atest5 TO regress_priv_user4;
+GRANT ALL (one) ON atest5 TO regress_priv_user3;
INSERT INTO atest5 VALUES (1,2,3);
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest5; -- fail
SELECT one FROM atest5; -- ok
COPY atest5 (one) TO stdout; -- ok
SELECT atest1.*,atest5.one FROM atest1 JOIN atest5 ON (atest1.a = atest5.one); -- ok
SELECT one, two FROM atest5; -- fail
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT (one,two) ON atest6 TO regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT (one,two) ON atest6 TO regress_priv_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- fail still
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT (two) ON atest5 TO regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT (two) ON atest5 TO regress_priv_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one, two FROM atest5 NATURAL JOIN atest6; -- ok now
-- test column-level privileges for INSERT and UPDATE
-- Check that the columns in the inference require select privileges
INSERT INTO atest5(four) VALUES (4); -- fail
-SET SESSION AUTHORIZATION regress_user1;
-GRANT INSERT (four) ON atest5 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT INSERT (four) ON atest5 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- fails (due to SELECT)
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- fails (due to SELECT)
INSERT INTO atest5(four) VALUES (4); -- ok
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT (four) ON atest5 TO regress_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT (four) ON atest5 TO regress_priv_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
INSERT INTO atest5(four) VALUES (4) ON CONFLICT (four) DO UPDATE set three = 3; -- ok
INSERT INTO atest5(four) VALUES (4) ON CONFLICT ON CONSTRAINT atest5_four_key DO UPDATE set three = 3; -- ok
-SET SESSION AUTHORIZATION regress_user1;
-REVOKE ALL (one) ON atest5 FROM regress_user4;
-GRANT SELECT (one,two,blue) ON atest6 TO regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user1;
+REVOKE ALL (one) ON atest5 FROM regress_priv_user4;
+GRANT SELECT (one,two,blue) ON atest6 TO regress_priv_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT one FROM atest5; -- fail
UPDATE atest5 SET one = 1; -- fail
SELECT atest6 FROM atest6; -- ok
COPY atest6 TO stdout; -- ok
-- check error reporting with column privs
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE t1 (c1 int, c2 int, c3 int check (c3 < 5), primary key (c1, c2));
-GRANT SELECT (c1) ON t1 TO regress_user2;
-GRANT INSERT (c1, c2, c3) ON t1 TO regress_user2;
-GRANT UPDATE (c1, c2, c3) ON t1 TO regress_user2;
+GRANT SELECT (c1) ON t1 TO regress_priv_user2;
+GRANT INSERT (c1, c2, c3) ON t1 TO regress_priv_user2;
+GRANT UPDATE (c1, c2, c3) ON t1 TO regress_priv_user2;
-- seed data
INSERT INTO t1 VALUES (1, 1, 1);
INSERT INTO t1 VALUES (2, 2, 2);
INSERT INTO t1 VALUES (3, 1, 3);
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
INSERT INTO t1 (c1, c2) VALUES (1, 1); -- fail, but row not shown
UPDATE t1 SET c2 = 1; -- fail, but row not shown
INSERT INTO t1 (c1, c2) VALUES (null, null); -- fail, but see columns being inserted
INSERT INTO t1 (c1) VALUES (5); -- fail, but see columns being inserted or have SELECT
UPDATE t1 SET c3 = 10; -- fail, but see columns with SELECT rights, or being modified
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
DROP TABLE t1;
-- test column-level privileges when involved with DELETE
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 ADD COLUMN three integer;
-GRANT DELETE ON atest5 TO regress_user3;
-GRANT SELECT (two) ON atest5 TO regress_user3;
-REVOKE ALL (one) ON atest5 FROM regress_user3;
-GRANT SELECT (one) ON atest5 TO regress_user4;
+GRANT DELETE ON atest5 TO regress_priv_user3;
+GRANT SELECT (two) ON atest5 TO regress_priv_user3;
+REVOKE ALL (one) ON atest5 FROM regress_priv_user3;
+GRANT SELECT (one) ON atest5 TO regress_priv_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- fail
SELECT one FROM atest5 NATURAL JOIN atest6; -- fail
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN three;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT atest6 FROM atest6; -- ok
SELECT one FROM atest5 NATURAL JOIN atest6; -- ok
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
ALTER TABLE atest6 DROP COLUMN two;
-REVOKE SELECT (one,blue) ON atest6 FROM regress_user4;
+REVOKE SELECT (one,blue) ON atest6 FROM regress_priv_user4;
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT * FROM atest6; -- fail
SELECT 1 FROM atest6; -- fail
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
DELETE FROM atest5 WHERE one = 1; -- fail
DELETE FROM atest5 WHERE two = 2; -- ok
-- check inheritance cases
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atestp1 (f1 int, f2 int) WITH OIDS;
CREATE TABLE atestp2 (fx int, fy int) WITH OIDS;
CREATE TABLE atestc (fz int) INHERITS (atestp1, atestp2);
-GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_user2;
-GRANT SELECT(fx) ON atestc TO regress_user2;
+GRANT SELECT(fx,fy,oid) ON atestp2 TO regress_priv_user2;
+GRANT SELECT(fx) ON atestc TO regress_priv_user2;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- ok
SELECT fy FROM atestp2; -- ok
SELECT atestp2 FROM atestp2; -- ok
SELECT oid FROM atestp2; -- ok
SELECT fy FROM atestc; -- fail
-SET SESSION AUTHORIZATION regress_user1;
-GRANT SELECT(fy,oid) ON atestc TO regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT SELECT(fy,oid) ON atestc TO regress_priv_user2;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT fx FROM atestp2; -- still ok
SELECT fy FROM atestp2; -- ok
SELECT atestp2 FROM atestp2; -- ok
\c -
REVOKE ALL PRIVILEGES ON LANGUAGE sql FROM PUBLIC;
-GRANT USAGE ON LANGUAGE sql TO regress_user1; -- ok
+GRANT USAGE ON LANGUAGE sql TO regress_priv_user1; -- ok
GRANT USAGE ON LANGUAGE c TO PUBLIC; -- fail
-SET SESSION AUTHORIZATION regress_user1;
-GRANT USAGE ON LANGUAGE sql TO regress_user2; -- fail
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT USAGE ON LANGUAGE sql TO regress_priv_user2; -- fail
CREATE FUNCTION testfunc1(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql;
CREATE FUNCTION testfunc2(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testagg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testproc1(int) AS 'select $1;' LANGUAGE sql;
REVOKE ALL ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) FROM PUBLIC;
-GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_user2;
+GRANT EXECUTE ON FUNCTION testfunc1(int), testfunc2(int), testagg1(int) TO regress_priv_user2;
REVOKE ALL ON FUNCTION testproc1(int) FROM PUBLIC; -- fail, not a function
REVOKE ALL ON PROCEDURE testproc1(int) FROM PUBLIC;
-GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_user2;
-GRANT USAGE ON FUNCTION testfunc1(int) TO regress_user3; -- semantic error
-GRANT USAGE ON FUNCTION testagg1(int) TO regress_user3; -- semantic error
-GRANT USAGE ON PROCEDURE testproc1(int) TO regress_user3; -- semantic error
-GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_user4;
-GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_user4;
-GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_user4;
-GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_user4;
+GRANT EXECUTE ON PROCEDURE testproc1(int) TO regress_priv_user2;
+GRANT USAGE ON FUNCTION testfunc1(int) TO regress_priv_user3; -- semantic error
+GRANT USAGE ON FUNCTION testagg1(int) TO regress_priv_user3; -- semantic error
+GRANT USAGE ON PROCEDURE testproc1(int) TO regress_priv_user3; -- semantic error
+GRANT ALL PRIVILEGES ON FUNCTION testfunc1(int) TO regress_priv_user4;
+GRANT ALL PRIVILEGES ON FUNCTION testfunc_nosuch(int) TO regress_priv_user4;
+GRANT ALL PRIVILEGES ON FUNCTION testagg1(int) TO regress_priv_user4;
+GRANT ALL PRIVILEGES ON PROCEDURE testproc1(int) TO regress_priv_user4;
CREATE FUNCTION testfunc4(boolean) RETURNS text
AS 'select col1 from atest2 where col2 = $1;'
LANGUAGE sql SECURITY DEFINER;
-GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_user3;
+GRANT EXECUTE ON FUNCTION testfunc4(boolean) TO regress_priv_user3;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT testfunc1(5), testfunc2(5); -- ok
CREATE FUNCTION testfunc3(int) RETURNS int AS 'select 2 * $1;' LANGUAGE sql; -- fail
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok
CALL testproc1(6); -- ok
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
SELECT testfunc1(5); -- fail
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- fail
CALL testproc1(6); -- fail
SELECT col1 FROM atest2 WHERE col2 = true; -- fail
SELECT testfunc4(true); -- ok
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT testfunc1(5); -- ok
SELECT testagg1(x) FROM (VALUES (1), (2), (3)) _(x); -- ok
CALL testproc1(6); -- ok
SELECT '{1}'::int4[]::int8[];
REVOKE ALL ON FUNCTION int8(integer) FROM PUBLIC;
SELECT '{1}'::int4[]::int8[]; --superuser, suceed
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT '{1}'::int4[]::int8[]; --other user, fail
ROLLBACK;
CREATE TYPE testtype1 AS (a int, b text);
REVOKE USAGE ON TYPE testtype1 FROM PUBLIC;
-GRANT USAGE ON TYPE testtype1 TO regress_user2;
-GRANT USAGE ON TYPE _testtype1 TO regress_user2; -- fail
-GRANT USAGE ON DOMAIN testtype1 TO regress_user2; -- fail
+GRANT USAGE ON TYPE testtype1 TO regress_priv_user2;
+GRANT USAGE ON TYPE _testtype1 TO regress_priv_user2; -- fail
+GRANT USAGE ON DOMAIN testtype1 TO regress_priv_user2; -- fail
CREATE DOMAIN testdomain1 AS int;
REVOKE USAGE on DOMAIN testdomain1 FROM PUBLIC;
-GRANT USAGE ON DOMAIN testdomain1 TO regress_user2;
-GRANT USAGE ON TYPE testdomain1 TO regress_user2; -- ok
+GRANT USAGE ON DOMAIN testdomain1 TO regress_priv_user2;
+GRANT USAGE ON TYPE testdomain1 TO regress_priv_user2; -- ok
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
-- commands that should fail
REVOKE ALL ON TYPE testtype1 FROM PUBLIC;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
-- commands that should succeed
-- truncate
-SET SESSION AUTHORIZATION regress_user5;
+SET SESSION AUTHORIZATION regress_priv_user5;
TRUNCATE atest2; -- ok
TRUNCATE atest3; -- fail
from (select oid from pg_class where relname = 'pg_authid') as t1;
-- non-superuser
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
select has_table_privilege(current_user,'pg_class','select');
select has_table_privilege(current_user,'pg_class','insert');
-- Grant options
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
CREATE TABLE atest4 (a int);
-GRANT SELECT ON atest4 TO regress_user2 WITH GRANT OPTION;
-GRANT UPDATE ON atest4 TO regress_user2;
-GRANT SELECT ON atest4 TO GROUP regress_group1 WITH GRANT OPTION;
+GRANT SELECT ON atest4 TO regress_priv_user2 WITH GRANT OPTION;
+GRANT UPDATE ON atest4 TO regress_priv_user2;
+GRANT SELECT ON atest4 TO GROUP regress_priv_group1 WITH GRANT OPTION;
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
-GRANT SELECT ON atest4 TO regress_user3;
-GRANT UPDATE ON atest4 TO regress_user3; -- fail
+GRANT SELECT ON atest4 TO regress_priv_user3;
+GRANT UPDATE ON atest4 TO regress_priv_user3; -- fail
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
-REVOKE SELECT ON atest4 FROM regress_user3; -- does nothing
-SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- true
-REVOKE SELECT ON atest4 FROM regress_user2; -- fail
-REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_user2 CASCADE; -- ok
-SELECT has_table_privilege('regress_user2', 'atest4', 'SELECT'); -- true
-SELECT has_table_privilege('regress_user3', 'atest4', 'SELECT'); -- false
+REVOKE SELECT ON atest4 FROM regress_priv_user3; -- does nothing
+SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- true
+REVOKE SELECT ON atest4 FROM regress_priv_user2; -- fail
+REVOKE GRANT OPTION FOR SELECT ON atest4 FROM regress_priv_user2 CASCADE; -- ok
+SELECT has_table_privilege('regress_priv_user2', 'atest4', 'SELECT'); -- true
+SELECT has_table_privilege('regress_priv_user3', 'atest4', 'SELECT'); -- false
-SELECT has_table_privilege('regress_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
+SELECT has_table_privilege('regress_priv_user1', 'atest4', 'SELECT WITH GRANT OPTION'); -- true
-- Admin options
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
CREATE FUNCTION dogrant_ok() RETURNS void LANGUAGE sql SECURITY DEFINER AS
- 'GRANT regress_group2 TO regress_user5';
-GRANT regress_group2 TO regress_user5; -- ok: had ADMIN OPTION
-SET ROLE regress_group2;
-GRANT regress_group2 TO regress_user5; -- fails: SET ROLE suspended privilege
+ 'GRANT regress_priv_group2 TO regress_priv_user5';
+GRANT regress_priv_group2 TO regress_priv_user5; -- ok: had ADMIN OPTION
+SET ROLE regress_priv_group2;
+GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE suspended privilege
-SET SESSION AUTHORIZATION regress_user1;
-GRANT regress_group2 TO regress_user5; -- fails: no ADMIN OPTION
+SET SESSION AUTHORIZATION regress_priv_user1;
+GRANT regress_priv_group2 TO regress_priv_user5; -- fails: no ADMIN OPTION
SELECT dogrant_ok(); -- ok: SECURITY DEFINER conveys ADMIN
-SET ROLE regress_group2;
-GRANT regress_group2 TO regress_user5; -- fails: SET ROLE did not help
+SET ROLE regress_priv_group2;
+GRANT regress_priv_group2 TO regress_priv_user5; -- fails: SET ROLE did not help
-SET SESSION AUTHORIZATION regress_group2;
-GRANT regress_group2 TO regress_user5; -- ok: a role can self-admin
+SET SESSION AUTHORIZATION regress_priv_group2;
+GRANT regress_priv_group2 TO regress_priv_user5; -- ok: a role can self-admin
CREATE FUNCTION dogrant_fails() RETURNS void LANGUAGE sql SECURITY DEFINER AS
- 'GRANT regress_group2 TO regress_user5';
+ 'GRANT regress_priv_group2 TO regress_priv_user5';
SELECT dogrant_fails(); -- fails: no self-admin in SECURITY DEFINER
DROP FUNCTION dogrant_fails();
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
DROP FUNCTION dogrant_ok();
-REVOKE regress_group2 FROM regress_user5;
+REVOKE regress_priv_group2 FROM regress_priv_user5;
-- has_sequence_privilege tests
CREATE SEQUENCE x_seq;
-GRANT USAGE on x_seq to regress_user2;
+GRANT USAGE on x_seq to regress_priv_user2;
-SELECT has_sequence_privilege('regress_user1', 'atest1', 'SELECT');
-SELECT has_sequence_privilege('regress_user1', 'x_seq', 'INSERT');
-SELECT has_sequence_privilege('regress_user1', 'x_seq', 'SELECT');
+SELECT has_sequence_privilege('regress_priv_user1', 'atest1', 'SELECT');
+SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'INSERT');
+SELECT has_sequence_privilege('regress_priv_user1', 'x_seq', 'SELECT');
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT has_sequence_privilege('x_seq', 'USAGE');
-- largeobject privilege tests
\c -
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT lo_create(1001);
SELECT lo_create(1002);
SELECT lo_create(1005);
GRANT ALL ON LARGE OBJECT 1001 TO PUBLIC;
-GRANT SELECT ON LARGE OBJECT 1003 TO regress_user2;
-GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_user2;
-GRANT ALL ON LARGE OBJECT 1005 TO regress_user2;
-GRANT SELECT ON LARGE OBJECT 1005 TO regress_user2 WITH GRANT OPTION;
+GRANT SELECT ON LARGE OBJECT 1003 TO regress_priv_user2;
+GRANT SELECT,UPDATE ON LARGE OBJECT 1004 TO regress_priv_user2;
+GRANT ALL ON LARGE OBJECT 1005 TO regress_priv_user2;
+GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user2 WITH GRANT OPTION;
GRANT SELECT, INSERT ON LARGE OBJECT 1001 TO PUBLIC; -- to be failed
GRANT SELECT, UPDATE ON LARGE OBJECT 1001 TO nosuchuser; -- to be failed
GRANT SELECT, UPDATE ON LARGE OBJECT 999 TO PUBLIC; -- to be failed
\c -
-SET SESSION AUTHORIZATION regress_user2;
+SET SESSION AUTHORIZATION regress_priv_user2;
SELECT lo_create(2001);
SELECT lo_create(2002);
SELECT lowrite(lo_open(1003, x'20000'::int), 'abcd'); -- to be denied
SELECT lowrite(lo_open(1004, x'20000'::int), 'abcd');
-GRANT SELECT ON LARGE OBJECT 1005 TO regress_user3;
-GRANT UPDATE ON LARGE OBJECT 1006 TO regress_user3; -- to be denied
+GRANT SELECT ON LARGE OBJECT 1005 TO regress_priv_user3;
+GRANT UPDATE ON LARGE OBJECT 1006 TO regress_priv_user3; -- to be denied
REVOKE ALL ON LARGE OBJECT 2001, 2002 FROM PUBLIC;
-GRANT ALL ON LARGE OBJECT 2001 TO regress_user3;
+GRANT ALL ON LARGE OBJECT 2001 TO regress_priv_user3;
SELECT lo_unlink(1001); -- to be denied
SELECT lo_unlink(2002);
-- confirm ACL setting
SELECT oid, pg_get_userbyid(lomowner) ownername, lomacl FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
-SET SESSION AUTHORIZATION regress_user3;
+SET SESSION AUTHORIZATION regress_priv_user3;
SELECT loread(lo_open(1001, x'40000'::int), 32);
SELECT loread(lo_open(1003, x'40000'::int), 32); -- to be denied
-- compatibility mode in largeobject permission
\c -
SET lo_compat_privileges = false; -- default setting
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32); -- to be denied
SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd'); -- to be denied
\c -
SET lo_compat_privileges = true; -- compatibility mode
-SET SESSION AUTHORIZATION regress_user4;
+SET SESSION AUTHORIZATION regress_priv_user4;
SELECT loread(lo_open(1002, x'40000'::int), 32);
SELECT lowrite(lo_open(1002, x'20000'::int), 'abcd');
\c -
SELECT * FROM pg_largeobject LIMIT 0;
-SET SESSION AUTHORIZATION regress_user1;
+SET SESSION AUTHORIZATION regress_priv_user1;
SELECT * FROM pg_largeobject LIMIT 0; -- to be denied
-- test default ACLs
\c -
CREATE SCHEMA testns;
-GRANT ALL ON SCHEMA testns TO regress_user1;
+GRANT ALL ON SCHEMA testns TO regress_priv_user1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT SELECT ON TABLES TO public;
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- no
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_user1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT INSERT ON TABLES TO regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- yes
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_user1;
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns REVOKE INSERT ON TABLES FROM regress_priv_user1;
DROP TABLE testns.acltest1;
CREATE TABLE testns.acltest1 (x int);
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'SELECT'); -- yes
-SELECT has_table_privilege('regress_user1', 'testns.acltest1', 'INSERT'); -- no
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'SELECT'); -- yes
+SELECT has_table_privilege('regress_priv_user1', 'testns.acltest1', 'INSERT'); -- no
-ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
+ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE EXECUTE ON FUNCTIONS FROM public;
-ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_user2; -- error
+ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON SCHEMAS TO regress_priv_user2; -- error
-ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_user2;
+ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns2;
-SELECT has_schema_privilege('regress_user2', 'testns2', 'USAGE'); -- yes
-SELECT has_schema_privilege('regress_user2', 'testns2', 'CREATE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'USAGE'); -- yes
+SELECT has_schema_privilege('regress_priv_user2', 'testns2', 'CREATE'); -- no
-ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_user2;
+ALTER DEFAULT PRIVILEGES REVOKE USAGE ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns3;
-SELECT has_schema_privilege('regress_user2', 'testns3', 'USAGE'); -- no
-SELECT has_schema_privilege('regress_user2', 'testns3', 'CREATE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'USAGE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns3', 'CREATE'); -- no
-ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_user2;
+ALTER DEFAULT PRIVILEGES GRANT ALL ON SCHEMAS TO regress_priv_user2;
CREATE SCHEMA testns4;
-SELECT has_schema_privilege('regress_user2', 'testns4', 'USAGE'); -- yes
-SELECT has_schema_privilege('regress_user2', 'testns4', 'CREATE'); -- yes
+SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'USAGE'); -- yes
+SELECT has_schema_privilege('regress_priv_user2', 'testns4', 'CREATE'); -- yes
-ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_user2;
+ALTER DEFAULT PRIVILEGES REVOKE ALL ON SCHEMAS FROM regress_priv_user2;
CREATE SCHEMA testns5;
-SELECT has_schema_privilege('regress_user2', 'testns5', 'USAGE'); -- no
-SELECT has_schema_privilege('regress_user2', 'testns5', 'CREATE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'USAGE'); -- no
+SELECT has_schema_privilege('regress_priv_user2', 'testns5', 'CREATE'); -- no
-SET ROLE regress_user1;
+SET ROLE regress_priv_user1;
CREATE FUNCTION testns.foo() RETURNS int AS 'select 1' LANGUAGE sql;
CREATE AGGREGATE testns.agg1(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
-SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- no
-SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
-SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- no
+SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- no
+SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- no
+SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT EXECUTE ON ROUTINES to public;
DROP PROCEDURE testns.bar();
CREATE PROCEDURE testns.bar() AS 'select 1' LANGUAGE sql;
-SELECT has_function_privilege('regress_user2', 'testns.foo()', 'EXECUTE'); -- yes
-SELECT has_function_privilege('regress_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
-SELECT has_function_privilege('regress_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
+SELECT has_function_privilege('regress_priv_user2', 'testns.foo()', 'EXECUTE'); -- yes
+SELECT has_function_privilege('regress_priv_user2', 'testns.agg1(int)', 'EXECUTE'); -- yes
+SELECT has_function_privilege('regress_priv_user2', 'testns.bar()', 'EXECUTE'); -- yes (counts as function here)
DROP FUNCTION testns.foo();
DROP AGGREGATE testns.agg1(int);
DROP PROCEDURE testns.bar();
-ALTER DEFAULT PRIVILEGES FOR ROLE regress_user1 REVOKE USAGE ON TYPES FROM public;
+ALTER DEFAULT PRIVILEGES FOR ROLE regress_priv_user1 REVOKE USAGE ON TYPES FROM public;
CREATE DOMAIN testns.testdomain1 AS int;
-SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- no
+SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- no
ALTER DEFAULT PRIVILEGES IN SCHEMA testns GRANT USAGE ON TYPES to public;
DROP DOMAIN testns.testdomain1;
CREATE DOMAIN testns.testdomain1 AS int;
-SELECT has_type_privilege('regress_user2', 'testns.testdomain1', 'USAGE'); -- yes
+SELECT has_type_privilege('regress_priv_user2', 'testns.testdomain1', 'USAGE'); -- yes
DROP DOMAIN testns.testdomain1;
CREATE TABLE testns.t1 (f1 int);
CREATE TABLE testns.t2 (f1 int);
-SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
+SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
-GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_user1;
+GRANT ALL ON ALL TABLES IN SCHEMA testns TO regress_priv_user1;
-SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- true
-SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- true
+SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- true
+SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- true
-REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_user1;
+REVOKE ALL ON ALL TABLES IN SCHEMA testns FROM regress_priv_user1;
-SELECT has_table_privilege('regress_user1', 'testns.t1', 'SELECT'); -- false
-SELECT has_table_privilege('regress_user1', 'testns.t2', 'SELECT'); -- false
+SELECT has_table_privilege('regress_priv_user1', 'testns.t1', 'SELECT'); -- false
+SELECT has_table_privilege('regress_priv_user1', 'testns.t2', 'SELECT'); -- false
CREATE FUNCTION testns.testfunc(int) RETURNS int AS 'select 3 * $1;' LANGUAGE sql;
CREATE AGGREGATE testns.testagg(int) (sfunc = int4pl, stype = int4);
CREATE PROCEDURE testns.testproc(int) AS 'select 3' LANGUAGE sql;
-SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
-SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
+SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true by default
+SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true by default
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true by default
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA testns FROM PUBLIC;
-SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
-SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
+SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- false
+SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- false
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- still true, not a function
REVOKE ALL ON ALL PROCEDURES IN SCHEMA testns FROM PUBLIC;
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- now false
GRANT ALL ON ALL ROUTINES IN SCHEMA testns TO PUBLIC;
-SELECT has_function_privilege('regress_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
-SELECT has_function_privilege('regress_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
-SELECT has_function_privilege('regress_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
+SELECT has_function_privilege('regress_priv_user1', 'testns.testfunc(int)', 'EXECUTE'); -- true
+SELECT has_function_privilege('regress_priv_user1', 'testns.testagg(int)', 'EXECUTE'); -- true
+SELECT has_function_privilege('regress_priv_user1', 'testns.testproc(int)', 'EXECUTE'); -- true
\set VERBOSITY terse \\ -- suppress cascade details
DROP SCHEMA testns CASCADE;
-- test that dependent privileges are revoked (or not) properly
\c -
-set session role regress_user1;
+set session role regress_priv_user1;
create table dep_priv_test (a int);
-grant select on dep_priv_test to regress_user2 with grant option;
-grant select on dep_priv_test to regress_user3 with grant option;
-set session role regress_user2;
-grant select on dep_priv_test to regress_user4 with grant option;
-set session role regress_user3;
-grant select on dep_priv_test to regress_user4 with grant option;
-set session role regress_user4;
-grant select on dep_priv_test to regress_user5;
+grant select on dep_priv_test to regress_priv_user2 with grant option;
+grant select on dep_priv_test to regress_priv_user3 with grant option;
+set session role regress_priv_user2;
+grant select on dep_priv_test to regress_priv_user4 with grant option;
+set session role regress_priv_user3;
+grant select on dep_priv_test to regress_priv_user4 with grant option;
+set session role regress_priv_user4;
+grant select on dep_priv_test to regress_priv_user5;
\dp dep_priv_test
-set session role regress_user2;
-revoke select on dep_priv_test from regress_user4 cascade;
+set session role regress_priv_user2;
+revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
-set session role regress_user3;
-revoke select on dep_priv_test from regress_user4 cascade;
+set session role regress_priv_user3;
+revoke select on dep_priv_test from regress_priv_user4 cascade;
\dp dep_priv_test
-set session role regress_user1;
+set session role regress_priv_user1;
drop table dep_priv_test;
SELECT lo_unlink(oid) FROM pg_largeobject_metadata WHERE oid >= 1000 AND oid < 3000 ORDER BY oid;
-DROP GROUP regress_group1;
-DROP GROUP regress_group2;
+DROP GROUP regress_priv_group1;
+DROP GROUP regress_priv_group2;
-- these are needed to clean up permissions
-REVOKE USAGE ON LANGUAGE sql FROM regress_user1;
-DROP OWNED BY regress_user1;
-
-DROP USER regress_user1;
-DROP USER regress_user2;
-DROP USER regress_user3;
-DROP USER regress_user4;
-DROP USER regress_user5;
-DROP USER regress_user6;
+REVOKE USAGE ON LANGUAGE sql FROM regress_priv_user1;
+DROP OWNED BY regress_priv_user1;
+
+DROP USER regress_priv_user1;
+DROP USER regress_priv_user2;
+DROP USER regress_priv_user3;
+DROP USER regress_priv_user4;
+DROP USER regress_priv_user5;
+DROP USER regress_priv_user6;
-- permissions with LOCK TABLE
SET ROLE pg_signal_backend; --success
RESET ROLE;
-CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success
+CREATE SCHEMA test_roles_schema AUTHORIZATION pg_signal_backend; --success
SET ROLE regress_testrol2;
UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_';
-- clean up
\c
-DROP SCHEMA test_schema;
+DROP SCHEMA test_roles_schema;
DROP OWNED BY regress_testrol0, "Public", "current_user", regress_testrol1, regress_testrol2, regress_testrolx CASCADE;
DROP ROLE regress_testrol0, regress_testrol1, regress_testrol2, regress_testrolx;
DROP ROLE "Public", "None", "current_user", "session_user", "user";
projects / postgresql / commitdiff