Commit 5f4a311

Remove ALTER DEFAULT PRIVILEGES' requirement of schema CREATE permissions.
Per discussion, this restriction isn't needed for any real security reason, and it seems to confuse people more often than it helps them. It could also result in some database states being unrestorable. So just drop it. Back-patch to 9.0, where ALTER DEFAULT PRIVILEGES was introduced.
1 parent a9ec978 commit 5f4a311

2 files changed

+14
-15
lines changed

doc/src/sgml/ref/alter_default_privileges.sgml

Lines changed: 2 additions & 2 deletions
@@ -121,8 +121,8 @@ REVOKE [ GRANT OPTION FOR ]
121121
<term><replaceable>schema_name</replaceable></term>
122122
<listitem>
123123
<para>
124-
The name of an existing schema. Each <replaceable>target_role</>
125-
must have <literal>CREATE</> privileges for each specified schema.
124+
The name of an existing schema. If specified, the default privileges
125+
are altered for objects later created in that schema.
126126
If <literal>IN SCHEMA</> is omitted, the global default privileges
127127
are altered.
128128
</para>
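
Review bot: the replacement sentence at new lines 124-125 removes the only statement of what the target role needs in order for these defaults to take effect. The code comment in aclchk.c in this same commit says a role lacking CREATE will "find out when he tries to create an object", but the reference page no longer says so. Consider adding a sentence to this paragraph noting that the defaults only apply to objects the target role later creates in the schema, and that creating them still requires CREATE on that schema at that time, so an administrator reading the page does not take a successful ALTER DEFAULT PRIVILEGES as evidence that the role can create objects there.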

src/backend/catalog/aclchk.c

Lines changed: 12 additions & 13 deletions
@@ -1030,27 +1030,26 @@ SetDefaultACLsInSchemas(InternalDefaultACL *iacls, List *nspnames)
10301030
}
10311031
else
10321032
{
1033-
/* Look up the schema OIDs and do permissions checks */
1033+
/* Look up the schema OIDs and set permissions for each one */
10341034
ListCell *nspcell;
10351035

10361036
foreach(nspcell, nspnames)
10371037
{
10381038
char *nspname = strVal(lfirst(nspcell));
1039-
AclResult aclresult;
10401039

1041-
/*
1042-
* Note that we must do the permissions check against the target
1043-
* role not the calling user. We require CREATE privileges, since
1044-
* without CREATE you won't be able to do anything using the
1045-
* default privs anyway.
1046-
*/
10471040
iacls->nspid = get_namespace_oid(nspname, false);
10481041

1049-
aclresult = pg_namespace_aclcheck(iacls->nspid, iacls->roleid,
1050-
ACL_CREATE);
1051-
if (aclresult != ACLCHECK_OK)
1052-
aclcheck_error(aclresult, ACL_KIND_NAMESPACE,
1053-
nspname);
1042+
/*
1043+
* We used to insist that the target role have CREATE privileges
1044+
* on the schema, since without that it wouldn't be able to create
1045+
* an object for which these default privileges would apply.
1046+
* However, this check proved to be more confusing than helpful,
1047+
* and it also caused certain database states to not be
1048+
* dumpable/restorable, since revoking CREATE doesn't cause
1049+
* default privileges for the schema to go away. So now, we just
1050+
* allow the ALTER; if the user lacks CREATE he'll find out when
1051+
* he tries to create an object.
1052+
*/
10541053

10551054
SetDefaultACL(iacls);
10561055
}
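
Review bot: no regression test accompanies the removal of the pg_namespace_aclcheck() call in the foreach loop; the commit touches only the SGML page and aclchk.c. Since the new comment gives non-restorable database states as a reason for the change, a test that runs ALTER DEFAULT PRIVILEGES ... IN SCHEMA for a target role without CREATE on the schema (and one that revokes CREATE after defaults were set) would pin the new behaviour, which matters for a change back-patched to 9.0. A smaller wording point in the new comment: the removed check was made against iacls->roleid, the target role, so "if the user lacks CREATE he'll find out" would read more precisely as "if the target role lacks CREATE, object creation will fail at that point", which also matches the comment's first sentence.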
