From 1476a94a48eec20b5884a0a2043aa28204155d33 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 9 Jun 2013 15:27:00 -0400 Subject: [PATCH] Remove ALTER DEFAULT PRIVILEGES' requirement of schema CREATE permissions. Per discussion, this restriction isn't needed for any real security reason, and it seems to confuse people more often than it helps them. It could also result in some database states being unrestorable. So just drop it. Back-patch to 9.0, where ALTER DEFAULT PRIVILEGES was introduced. --- .../sgml/ref/alter_default_privileges.sgml | 4 +-- src/backend/catalog/aclchk.c | 26 +++++++++---------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/doc/src/sgml/ref/alter_default_privileges.sgml b/doc/src/sgml/ref/alter_default_privileges.sgml index 2099c3471e..f12a1eb781 100644 --- a/doc/src/sgml/ref/alter_default_privileges.sgml +++ b/doc/src/sgml/ref/alter_default_privileges.sgml @@ -111,8 +111,8 @@ REVOKE [ GRANT OPTION FOR ] schema_name - The name of an existing schema. Each target_role - must have CREATE privileges for each specified schema. + The name of an existing schema. If specified, the default privileges + are altered for objects later created in that schema. If IN SCHEMA is omitted, the global default privileges are altered. diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index ea49b74678..2eea06515d 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -1028,21 +1028,13 @@ SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames) } else { - /* Look up the schema OIDs and do permissions checks */ + /* Look up the schema OIDs and set permissions for each one */ ListCell *nspcell; foreach(nspcell, nspnames) { char *nspname = strVal(lfirst(nspcell)); - AclResult aclresult; - /* - * Normally we'd use LookupCreationNamespace here, but it's - * important to do the permissions check against the target role - * not the calling user, so write it out in full. We require - * CREATE privileges, since without CREATE you won't be able to do - * anything using the default privs anyway. - */ iacls->nspid = GetSysCacheOid1(NAMESPACENAME, CStringGetDatum(nspname)); if (!OidIsValid(iacls->nspid)) @@ -1050,11 +1042,17 @@ SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames) (errcode(ERRCODE_UNDEFINED_SCHEMA), errmsg("schema \"%s\" does not exist", nspname))); - aclresult = pg_namespace_aclcheck(iacls->nspid, iacls->roleid, - ACL_CREATE); - if (aclresult != ACLCHECK_OK) - aclcheck_error(aclresult, ACL_KIND_NAMESPACE, - nspname); + /* + * We used to insist that the target role have CREATE privileges + * on the schema, since without that it wouldn't be able to create + * an object for which these default privileges would apply. + * However, this check proved to be more confusing than helpful, + * and it also caused certain database states to not be + * dumpable/restorable, since revoking CREATE doesn't cause + * default privileges for the schema to go away. So now, we just + * allow the ALTER; if the user lacks CREATE he'll find out when + * he tries to create an object. + */ SetDefaultACL(iacls); } -- 2.50.0