
Commit 0038773

committed
Provide a sequence for "permission_target"
It is an improvement to have generated primary keys. Idea by Srikanth Medikonda.
1 parent 6aea80c commit 0038773


7 files changed

+526
-75
lines changed


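--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 results
+regression.*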

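--- a/README.md
+++ b/README.md
@@ -18,35 +18,35 @@ Let's assume we have a schema `appschema`, and `appuser` should have
 views in that schema:
 
 INSERT INTO public.permission_target
-(id, role_name, permissions,
+(role_name, permissions,
 object_type, schema_name)
 VALUES
-(1, 'appuser', '{SELECT,INSERT,UPDATE,DELETE}',
+('appuser', '{SELECT,INSERT,UPDATE,DELETE}',
 'TABLE', 'appschema');
 INSERT INTO public.permission_target
-(id, role_name, permissions,
+(role_name, permissions,
 object_type, schema_name)
 VALUES
-(2, 'appuser', '{SELECT,INSERT,UPDATE,DELETE}',
+('appuser', '{SELECT,INSERT,UPDATE,DELETE}',
 'VIEW', 'appschema');
 
 Of course, the user will need the `USAGE` privilege on the schema:
 
 INSERT INTO public.permission_target
-(id, role_name, permissions,i
+(role_name, permissions,i
 object_type, schema_name)
 VALUES
-(3, 'appuser', '{USAGE}',
+('appuser', '{USAGE}',
 'SCHEMA', 'appschema');
 
 The user also needs `USAGE` privileges on the `appseq` sequence in
 that schema:
 
 INSERT INTO public.permission_target
-(id, role_name, permissions,
+(role_name, permissions,
 object_type, schema_name, object_name)
 VALUES
-(4, 'appuser', '{USAGE}',
+('appuser', '{USAGE}',
 'SEQUENCE', 'appschema', 'appseq');
 
 Now we can review which permissions are missing and which additional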

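--- a/expected/sample.out
+++ b/expected/sample.out
@@ -6,14 +6,14 @@ CREATE ROLE user2 LOGIN IN ROLE users;
 /* database */
 -- desired permissions
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (1, 'users', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
-(2, 'user1', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
-(3, 'user2', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
+('user1', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL),
+('user2', ARRAY['CONNECT','TEMPORARY']::perm_type[], 'DATABASE', NULL, NULL, NULL);
 -- this should fail
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (4, 'user2', ARRAY['CREATE']::perm_type[], 'DATABASE', 'public', NULL, NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['CREATE']::perm_type[], 'DATABASE', 'public', NULL, NULL);
 ERROR: new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL: Failing row contains (4, user2, {CREATE}, DATABASE, public, null, null).
 -- actual permissions
@@ -23,14 +23,14 @@ GRANT CREATE ON DATABASE contrib_regression TO user2; -- too much
 /* schema */
 -- desired permissions
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (5, 'users', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
-(6, 'user1', ARRAY['USAGE','CREATE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
-(7, 'user2', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
+('user1', ARRAY['USAGE','CREATE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL),
+('user2', ARRAY['USAGE']::perm_type[], 'SCHEMA', 'appschema', NULL, NULL);
 -- this should fail
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (8, 'user2', ARRAY['CREATE']::perm_type[], 'SCHEMA', 'appschema', 'sometable', NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['CREATE']::perm_type[], 'SCHEMA', 'appschema', 'sometable', NULL);
 ERROR: new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL: Failing row contains (8, user2, {CREATE}, SCHEMA, appschema, sometable, null).
 -- actual permissions
@@ -40,13 +40,13 @@ GRANT CREATE ON SCHEMA appschema TO user2; -- too much
 /* table */
 -- desired permissions
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (9, 'user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'TABLE', 'appschema', NULL, NULL),
-(10, 'user2', ARRAY['SELECT']::perm_type[], 'TABLE', 'appschema', NULL, NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'TABLE', 'appschema', NULL, NULL),
+('user2', ARRAY['SELECT']::perm_type[], 'TABLE', 'appschema', NULL, NULL);
 -- this should fail
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (11, 'user2', ARRAY['INSERT']::perm_type[], 'TABLE', 'appschema', 'apptable', 'acolumn');
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['INSERT']::perm_type[], 'TABLE', 'appschema', 'apptable', 'acolumn');
 ERROR: new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL: Failing row contains (11, user2, {INSERT}, TABLE, appschema, apptable, acolumn).
 -- actual permissions
@@ -65,12 +65,12 @@ GRANT SELECT, INSERT ON appschema.apptable TO user2; -- extra privilege INSERT
 /* column */
 -- desired permissions
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (12, 'user1', ARRAY['SELECT','INSERT','UPDATE','REFERENCES']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['SELECT','INSERT','UPDATE','REFERENCES']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
 -- this should fail
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (13, 'user2', ARRAY['DELETE']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user2', ARRAY['DELETE']::perm_type[], 'COLUMN', 'appschema', 'apptable2', 'val');
 ERROR: new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL: Failing row contains (13, user2, {DELETE}, COLUMN, appschema, apptable2, val).
 -- actual permissions
@@ -79,9 +79,9 @@ GRANT UPDATE (val) ON appschema.apptable2 TO user2; -- extra privilege UPDATE
 /* view */
 -- desired permissions
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (14, 'user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'VIEW', 'appschema', 'appview', NULL),
-(15, 'user2', ARRAY['SELECT']::perm_type[], 'VIEW', 'appschema', 'appview', NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['SELECT','INSERT','UPDATE','DELETE']::perm_type[], 'VIEW', 'appschema', 'appview', NULL),
+('user2', ARRAY['SELECT']::perm_type[], 'VIEW', 'appschema', 'appview', NULL);
 -- actual permissions
 CREATE VIEW appschema.appview AS
 SELECT id, val FROM appschema.apptable;
@@ -90,24 +90,24 @@ GRANT INSERT, DELETE ON appschema.appview TO user1; -- missing UPDATE
 /* sequence */
 -- desired permissions
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (16, 'users', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
-(17, 'user1', ARRAY['USAGE','SELECT']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
-(18, 'user2', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
+('user1', ARRAY['USAGE','SELECT']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL),
+('user2', ARRAY['USAGE']::perm_type[], 'SEQUENCE', 'appschema', 'appseq', NULL);
 -- actual permissions
 CREATE SEQUENCE appschema.appseq;
 GRANT USAGE ON SEQUENCE appschema.appseq TO users; -- missing SELECT for user1
 GRANT UPDATE ON SEQUENCE appschema.appseq TO user2; -- extra permission UPDATE
 /* function */
 -- desired permissions
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (19, 'user1', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL),
-(20, 'user2', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('user1', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL),
+('user2', ARRAY['EXECUTE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
 -- this should fail
 INSERT INTO permission_target
-(id, role_name, permissions, object_type, schema_name, object_name, column_name)
-VALUES (21, 'users', ARRAY['UPDATE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
+(role_name, permissions, object_type, schema_name, object_name, column_name)
+VALUES ('users', ARRAY['UPDATE']::perm_type[], 'FUNCTION', 'appschema', 'appfun(integer)', NULL);
 ERROR: new row for relation "permission_target" violates check constraint "permission_target_valid"
 DETAIL: Failing row contains (21, users, {UPDATE}, FUNCTION, appschema, appfun(integer), null).
 -- actual permissions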

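--- a/pg_permissions--1.1--1.2.sql
+++ b/pg_permissions--1.1--1.2.sql
@@ -0,0 +1,10 @@
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "ALTER EXTENSION pg_permissions UPDATE" to load this file. \quit
+
+CREATE SEQUENCE permission_target_id_seq OWNED BY permission_target.id;
+ALTER TABLE permission_target ALTER id
+SET DEFAULT nextval('permission_target_id_seq'::regclass);
+
+GRANT USAGE ON SEQUENCE permission_target_id_seq TO PUBLIC;
+
+SELECT pg_catalog.pg_extension_config_dump('permission_target_id_seq', '');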
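Review bot: The upgrade script creates `permission_target_id_seq` at its default start value and never advances it past the ids already stored in `permission_target`. On an installation upgraded from 1.1 that already holds rows, the first default-generated ids would presumably collide with them; the commit message calls `id` a primary key, but the table definition is not visible here. Adding `SELECT setval('permission_target_id_seq', COALESCE(max(id), 0) + 1, false) FROM permission_target;` after the `ALTER TABLE` would start the sequence above the existing ids. Separately, `GRANT USAGE ON SEQUENCE permission_target_id_seq TO PUBLIC` lets every role call `nextval` on the sequence. If that is meant to mirror the table's own grants, a comment saying so would help; otherwise grant `USAGE` only to the roles allowed to insert into `permission_target`.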
