Skip to content

Commit be90032

Browse files
robertmhaasrobertmhaas
committed
Remove partial and undocumented GRANT .. FOREIGN TABLE support.
Instead, foreign tables are treated just like views: permissions can be granted using GRANT privilege ON [TABLE] foreign_table_name TO role, and revoked similarly. GRANT/REVOKE .. FOREIGN TABLE is no longer supported, just as we don't support GRANT/REVOKE .. VIEW. The set of accepted permissions for foreign tables is now identical to the set for regular tables, and views. Per report from Thom Brown, and subsequent discussion.
1 parent af0f200 commit be90032

File tree

6 files changed

+2
-69
lines changed

6 files changed

+2
-69
lines changed

doc/src/sgml/ref/grant.sgml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -80,8 +80,8 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
8080

8181
<para>
8282
The <command>GRANT</command> command has two basic variants: one
83-
that grants privileges on a database object (table, column, view, sequence,
84-
database, foreign-data wrapper, foreign server, function,
83+
that grants privileges on a database object (table, column, view, foreign
84+
table, sequence, database, foreign-data wrapper, foreign server, function,
8585
procedural language, schema, or tablespace), and one that grants
8686
membership in a role. These variants are similar in many ways, but
8787
they are different enough to be described separately.

src/backend/catalog/aclchk.c

Lines changed: 0 additions & 52 deletions
Original file line numberDiff line numberDiff line change
@@ -274,9 +274,6 @@ restrict_and_check_grant(bool is_grant, AclMode avail_goptions, bool all_privs,
274274
case ACL_KIND_FOREIGN_SERVER:
275275
whole_mask = ACL_ALL_RIGHTS_FOREIGN_SERVER;
276276
break;
277-
case ACL_KIND_FOREIGN_TABLE:
278-
whole_mask = ACL_ALL_RIGHTS_FOREIGN_TABLE;
279-
break;
280277
default:
281278
elog(ERROR, "unrecognized object kind: %d", objkind);
282279
/* not reached, but keep compiler quiet */
@@ -480,10 +477,6 @@ ExecuteGrantStmt(GrantStmt *stmt)
480477
all_privileges = ACL_ALL_RIGHTS_FOREIGN_SERVER;
481478
errormsg = gettext_noop("invalid privilege type %s for foreign server");
482479
break;
483-
case ACL_OBJECT_FOREIGN_TABLE:
484-
all_privileges = ACL_ALL_RIGHTS_FOREIGN_TABLE;
485-
errormsg = gettext_noop("invalid privilege type %s for foreign table");
486-
break;
487480
default:
488481
elog(ERROR, "unrecognized GrantStmt.objtype: %d",
489482
(int) stmt->objtype);
@@ -554,7 +547,6 @@ ExecGrantStmt_oids(InternalGrant *istmt)
554547
{
555548
case ACL_OBJECT_RELATION:
556549
case ACL_OBJECT_SEQUENCE:
557-
case ACL_OBJECT_FOREIGN_TABLE:
558550
ExecGrant_Relation(istmt);
559551
break;
560552
case ACL_OBJECT_DATABASE:
@@ -604,7 +596,6 @@ objectNamesToOids(GrantObjectType objtype, List *objnames)
604596
{
605597
case ACL_OBJECT_RELATION:
606598
case ACL_OBJECT_SEQUENCE:
607-
case ACL_OBJECT_FOREIGN_TABLE:
608599
foreach(cell, objnames)
609600
{
610601
RangeVar *relvar = (RangeVar *) lfirst(cell);
@@ -1702,21 +1693,11 @@ ExecGrant_Relation(InternalGrant *istmt)
17021693
errmsg("\"%s\" is not a sequence",
17031694
NameStr(pg_class_tuple->relname))));
17041695

1705-
/* Used GRANT FOREIGN TABLE on a non-foreign-table? */
1706-
if (istmt->objtype == ACL_OBJECT_FOREIGN_TABLE &&
1707-
pg_class_tuple->relkind != RELKIND_FOREIGN_TABLE)
1708-
ereport(ERROR,
1709-
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
1710-
errmsg("\"%s\" is not a foreign table",
1711-
NameStr(pg_class_tuple->relname))));
1712-
17131696
/* Adjust the default permissions based on object type */
17141697
if (istmt->all_privs && istmt->privileges == ACL_NO_RIGHTS)
17151698
{
17161699
if (pg_class_tuple->relkind == RELKIND_SEQUENCE)
17171700
this_privileges = ACL_ALL_RIGHTS_SEQUENCE;
1718-
else if (pg_class_tuple->relkind == RELKIND_FOREIGN_TABLE)
1719-
this_privileges = ACL_ALL_RIGHTS_FOREIGN_TABLE;
17201701
else
17211702
this_privileges = ACL_ALL_RIGHTS_RELATION;
17221703
}
@@ -1752,16 +1733,6 @@ ExecGrant_Relation(InternalGrant *istmt)
17521733
this_privileges &= (AclMode) ACL_ALL_RIGHTS_SEQUENCE;
17531734
}
17541735
}
1755-
else if (pg_class_tuple->relkind == RELKIND_FOREIGN_TABLE)
1756-
{
1757-
if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_FOREIGN_TABLE))
1758-
{
1759-
ereport(ERROR,
1760-
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
1761-
errmsg("foreign table \"%s\" only supports SELECT privileges",
1762-
NameStr(pg_class_tuple->relname))));
1763-
}
1764-
}
17651736
else
17661737
{
17671738
if (this_privileges & ~((AclMode) ACL_ALL_RIGHTS_RELATION))
@@ -1819,9 +1790,6 @@ ExecGrant_Relation(InternalGrant *istmt)
18191790
case RELKIND_SEQUENCE:
18201791
old_acl = acldefault(ACL_OBJECT_SEQUENCE, ownerId);
18211792
break;
1822-
case RELKIND_FOREIGN_TABLE:
1823-
old_acl = acldefault(ACL_OBJECT_FOREIGN_TABLE, ownerId);
1824-
break;
18251793
default:
18261794
old_acl = acldefault(ACL_OBJECT_RELATION, ownerId);
18271795
break;
@@ -1866,9 +1834,6 @@ ExecGrant_Relation(InternalGrant *istmt)
18661834
case RELKIND_SEQUENCE:
18671835
aclkind = ACL_KIND_SEQUENCE;
18681836
break;
1869-
case RELKIND_FOREIGN_TABLE:
1870-
aclkind = ACL_KIND_FOREIGN_TABLE;
1871-
break;
18721837
default:
18731838
aclkind = ACL_KIND_CLASS;
18741839
break;
@@ -1963,16 +1928,6 @@ ExecGrant_Relation(InternalGrant *istmt)
19631928

19641929
this_privileges &= (AclMode) ACL_SELECT;
19651930
}
1966-
else if (pg_class_tuple->relkind == RELKIND_FOREIGN_TABLE &&
1967-
this_privileges & ~((AclMode) ACL_SELECT))
1968-
{
1969-
/* Foreign tables have the same restriction as sequences. */
1970-
ereport(WARNING,
1971-
(errcode(ERRCODE_INVALID_GRANT_OPERATION),
1972-
errmsg("foreign table \"%s\" only supports SELECT column privileges",
1973-
NameStr(pg_class_tuple->relname))));
1974-
this_privileges &= (AclMode) ACL_SELECT;
1975-
}
19761931

19771932
expand_col_privileges(col_privs->cols, relOid,
19781933
this_privileges,
@@ -3147,8 +3102,6 @@ static const char *const no_priv_msg[MAX_ACL_KIND] =
31473102
gettext_noop("permission denied for foreign-data wrapper %s"),
31483103
/* ACL_KIND_FOREIGN_SERVER */
31493104
gettext_noop("permission denied for foreign server %s"),
3150-
/* ACL_KIND_FOREIGN_TABLE */
3151-
gettext_noop("permission denied for foreign table %s"),
31523105
/* ACL_KIND_EXTENSION */
31533106
gettext_noop("permission denied for extension %s"),
31543107
};
@@ -3193,8 +3146,6 @@ static const char *const not_owner_msg[MAX_ACL_KIND] =
31933146
gettext_noop("must be owner of foreign-data wrapper %s"),
31943147
/* ACL_KIND_FOREIGN_SERVER */
31953148
gettext_noop("must be owner of foreign server %s"),
3196-
/* ACL_KIND_FOREIGN_TABLE */
3197-
gettext_noop("must be owner of foreign table %s"),
31983149
/* ACL_KIND_EXTENSION */
31993150
gettext_noop("must be owner of extension %s"),
32003151
};
@@ -3491,9 +3442,6 @@ pg_class_aclmask(Oid table_oid, Oid roleid,
34913442
case RELKIND_SEQUENCE:
34923443
acl = acldefault(ACL_OBJECT_SEQUENCE, ownerId);
34933444
break;
3494-
case RELKIND_FOREIGN_TABLE:
3495-
acl = acldefault(ACL_OBJECT_FOREIGN_TABLE, ownerId);
3496-
break;
34973445
default:
34983446
acl = acldefault(ACL_OBJECT_RELATION, ownerId);
34993447
break;

src/backend/parser/gram.y

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -5408,14 +5408,6 @@ privilege_target:
54085408
n->objs = $3;
54095409
$$ = n;
54105410
}
5411-
| FOREIGN TABLE qualified_name_list
5412-
{
5413-
PrivTarget *n = (PrivTarget *) palloc(sizeof(PrivTarget));
5414-
n->targtype = ACL_TARGET_OBJECT;
5415-
n->objtype = ACL_OBJECT_FOREIGN_TABLE;
5416-
n->objs = $3;
5417-
$$ = n;
5418-
}
54195411
| FUNCTION function_with_argtypes_list
54205412
{
54215413
PrivTarget *n = (PrivTarget *) palloc(sizeof(PrivTarget));

src/backend/utils/adt/acl.c

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -782,10 +782,6 @@ acldefault(GrantObjectType objtype, Oid ownerId)
782782
world_default = ACL_NO_RIGHTS;
783783
owner_default = ACL_ALL_RIGHTS_FOREIGN_SERVER;
784784
break;
785-
case ACL_OBJECT_FOREIGN_TABLE:
786-
world_default = ACL_NO_RIGHTS;
787-
owner_default = ACL_ALL_RIGHTS_FOREIGN_TABLE;
788-
break;
789785
default:
790786
elog(ERROR, "unrecognized objtype: %d", (int) objtype);
791787
world_default = ACL_NO_RIGHTS; /* keep compiler quiet */

src/include/nodes/parsenodes.h

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1282,7 +1282,6 @@ typedef enum GrantObjectType
12821282
ACL_OBJECT_DATABASE, /* database */
12831283
ACL_OBJECT_FDW, /* foreign-data wrapper */
12841284
ACL_OBJECT_FOREIGN_SERVER, /* foreign server */
1285-
ACL_OBJECT_FOREIGN_TABLE, /* foreign table */
12861285
ACL_OBJECT_FUNCTION, /* function */
12871286
ACL_OBJECT_LANGUAGE, /* procedural language */
12881287
ACL_OBJECT_LARGEOBJECT, /* largeobject */

src/include/utils/acl.h

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -150,7 +150,6 @@ typedef ArrayType Acl;
150150
#define ACL_ALL_RIGHTS_DATABASE (ACL_CREATE|ACL_CREATE_TEMP|ACL_CONNECT)
151151
#define ACL_ALL_RIGHTS_FDW (ACL_USAGE)
152152
#define ACL_ALL_RIGHTS_FOREIGN_SERVER (ACL_USAGE)
153-
#define ACL_ALL_RIGHTS_FOREIGN_TABLE (ACL_SELECT)
154153
#define ACL_ALL_RIGHTS_FUNCTION (ACL_EXECUTE)
155154
#define ACL_ALL_RIGHTS_LANGUAGE (ACL_USAGE)
156155
#define ACL_ALL_RIGHTS_LARGEOBJECT (ACL_SELECT|ACL_UPDATE)
@@ -195,7 +194,6 @@ typedef enum AclObjectKind
195194
ACL_KIND_TSCONFIGURATION, /* pg_ts_config */
196195
ACL_KIND_FDW, /* pg_foreign_data_wrapper */
197196
ACL_KIND_FOREIGN_SERVER, /* pg_foreign_server */
198-
ACL_KIND_FOREIGN_TABLE, /* pg_foreign_table */
199197
ACL_KIND_EXTENSION, /* pg_extension */
200198
MAX_ACL_KIND /* MUST BE LAST */
201199
} AclObjectKind;

0 commit comments

Comments
 (0)