Skip to content

Commit f356ec5

Browse files
deanrasheeddeanrasheed
committed
Teach RemoveRoleFromObjectPolicy() about partitioned tables.
Table partitioning, introduced in commit f0e4475, added a new relkind - RELKIND_PARTITIONED_TABLE. Update RemoveRoleFromObjectPolicy() to handle it, otherwise DROP OWNED BY will fail if the role has any RLS policies referring to partitioned tables. Dean Rasheed, reviewed by Amit Langote. Discussion: https://postgr.es/m/CAEZATCUnNOKN8sLML9jUzxecALWpEXK3a3W7y0PgFR4%2Buhgc%3Dg%40mail.gmail.com
1 parent 0436f6b commit f356ec5

File tree

3 files changed

+11
-1
lines changed

3 files changed

+11
-1
lines changed

src/backend/commands/policy.c

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -474,7 +474,8 @@ RemoveRoleFromObjectPolicy(Oid roleid, Oid classid, Oid policy_id)
474474

475475
rel = relation_open(relid, AccessExclusiveLock);
476476

477-
if (rel->rd_rel->relkind != RELKIND_RELATION)
477+
if (rel->rd_rel->relkind != RELKIND_RELATION &&
478+
rel->rd_rel->relkind != RELKIND_PARTITIONED_TABLE)
478479
ereport(ERROR,
479480
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
480481
errmsg("\"%s\" is not a table",

src/test/regress/expected/rowsecurity.out

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3885,13 +3885,17 @@ RESET SESSION AUTHORIZATION;
38853885
CREATE ROLE regress_rls_dob_role1;
38863886
CREATE ROLE regress_rls_dob_role2;
38873887
CREATE TABLE dob_t1 (c1 int);
3888+
CREATE TABLE dob_t2 (c1 int) PARTITION BY RANGE (c1);
38883889
CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1 USING (true);
38893890
DROP OWNED BY regress_rls_dob_role1;
38903891
DROP POLICY p1 ON dob_t1; -- should fail, already gone
38913892
ERROR: policy "p1" for table "dob_t1" does not exist
38923893
CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1,regress_rls_dob_role2 USING (true);
38933894
DROP OWNED BY regress_rls_dob_role1;
38943895
DROP POLICY p1 ON dob_t1; -- should succeed
3896+
CREATE POLICY p1 ON dob_t2 TO regress_rls_dob_role1,regress_rls_dob_role2 USING (true);
3897+
DROP OWNED BY regress_rls_dob_role1;
3898+
DROP POLICY p1 ON dob_t2; -- should succeed
38953899
DROP USER regress_rls_dob_role1;
38963900
DROP USER regress_rls_dob_role2;
38973901
--

src/test/regress/sql/rowsecurity.sql

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1740,6 +1740,7 @@ CREATE ROLE regress_rls_dob_role1;
17401740
CREATE ROLE regress_rls_dob_role2;
17411741

17421742
CREATE TABLE dob_t1 (c1 int);
1743+
CREATE TABLE dob_t2 (c1 int) PARTITION BY RANGE (c1);
17431744

17441745
CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1 USING (true);
17451746
DROP OWNED BY regress_rls_dob_role1;
@@ -1749,6 +1750,10 @@ CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1,regress_rls_dob_role2 USING
17491750
DROP OWNED BY regress_rls_dob_role1;
17501751
DROP POLICY p1 ON dob_t1; -- should succeed
17511752

1753+
CREATE POLICY p1 ON dob_t2 TO regress_rls_dob_role1,regress_rls_dob_role2 USING (true);
1754+
DROP OWNED BY regress_rls_dob_role1;
1755+
DROP POLICY p1 ON dob_t2; -- should succeed
1756+
17521757
DROP USER regress_rls_dob_role1;
17531758
DROP USER regress_rls_dob_role2;
17541759

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy