Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sytOz-002t6N-QF
	for pgsql-general@arkaria.postgresql.org; Thu, 10 Oct 2024 13:40:27 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sytOx-000dvC-Bg
	for pgsql-general@arkaria.postgresql.org; Thu, 10 Oct 2024 13:40:23 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ewie@ewie.name>)
	id 1sytOw-000dv4-03
	for pgsql-general@lists.postgresql.org; Thu, 10 Oct 2024 13:40:23 +0000
Received: from mout-u-204.mailbox.org ([80.241.59.204])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ewie@ewie.name>)
	id 1sytOo-000D1L-Ta
	for pgsql-general@lists.postgresql.org; Thu, 10 Oct 2024 13:40:20 +0000
Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by mout-u-204.mailbox.org (Postfix) with ESMTPS id 4XPW8p2qXJz9sWn;
	Thu, 10 Oct 2024 15:40:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ewie.name; s=MBO0001;
	t=1728567610;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=MKdkk2cuDKt4UJyULVTXtnhAg8hT3JPDGTw7EaaNBhE=;
	b=ubIpwacTEw//hBVYPUJyLye6dVi7wT3ZayAEaBqALnX4Geiw3THT8ln5ZKbTE1m+LUl280
	SwFtipCMDMOM9uN6morefaaD8TBO+WnJWaNdy4FlmyXSdXoDOHUbdXhk++bVJK3lGv6TlB
	+sfMFjMgSYw3BxRUzgh2T9Rjcb4Bt2UyWhEBlQAh0O6oUynHGxXCURGAHEPq9gAUAqtXFe
	HKdSDwsAaWvPaO0QcY/gGhEtqzVWoJaYGEun1p2t0lCcx/k+TnasE0i+T1FeCDwko2WFkg
	A5QNUv24tsbQLDx++RuJBWWhYJd1oF/DelN6OwpS+r5eKB9aetE2olrz1x+vvg==
Date: Thu, 10 Oct 2024 15:40:07 +0200
From: Erik Wienhold <ewie@ewie.name>
To: Dominique Devienne <ddevienne@gmail.com>
Cc: pgsql-general@lists.postgresql.org
Subject: Re: Tablespace ACLs
Message-ID: <711b77fc-f9e5-4637-8a2c-9cc1a3b3f4da@ewie.name>
References: <CAFCRh--u2GEZ15=WJBRmMwPdKJ3r=_XSA3rw8sjWJZ6Nc2NDYw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAFCRh--u2GEZ15=WJBRmMwPdKJ3r=_XSA3rw8sjWJZ6Nc2NDYw@mail.gmail.com>
X-Rspamd-Queue-Id: 4XPW8p2qXJz9sWn
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/711b77fc-f9e5-4637-8a2c-9cc1a3b3f4da%40ewie.name>
Precedence: bulk

On 2024-10-10 14:35 +0200, Dominique Devienne wrote:
> Hi. Why isn't the ::regrole::text cast working as usual?
> Aren't the OIDs for grantor and grantee returned by acldefault() valid ROLEs?
> 
> C:\Users\ddevienne>psql service=...
> psql (17.0)
> SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384,
> compression: off, ALPN: postgresql)
> Type "help" for help.
> 
> ddevienne=> show server_version;
>  server_version
> ----------------
>  17.0
> (1 row)
> 
> ddevienne=> select grantor::regrole::text,
> ddevienne->        case when grantee = 0 then 'PUBLIC' else
> grantee::regrole::text end,
> ddevienne->        privilege_type, is_grantable
> ddevienne->   from pg_tablespace
> ddevienne->   left join lateral aclexplode(coalesce(spcacl,
> acldefault('t', oid))) on true

You must call acldefault() with spcowner instead of oid:

    aclexplode(coalesce(spcacl, acldefault('t', spcowner)))

> ddevienne->  where spcname = 'pg_default';
>  grantor | grantee | privilege_type | is_grantable
> ---------+---------+----------------+--------------
>  1663    | 1663    | CREATE         | f
> (1 row)
> 
> 
> ddevienne=> select grantor::regrole::text,
> ddevienne->        case when grantee = 0 then 'PUBLIC' else
> grantee::regrole::text end,
> ddevienne->        privilege_type, is_grantable
> ddevienne->   from pg_tablespace
> ddevienne->   left join lateral aclexplode(coalesce(spcacl,
> acldefault('t', oid))) on true
> ddevienne->  where spcname = 'hdd_data';
>  grantor | grantee | privilege_type | is_grantable
> ---------+---------+----------------+--------------
>  2128194 | 2128194 | CREATE         | f
> (1 row)
> 
> On a related but different matter, is it normal not having access to a
> single tablespace makes the whole output disappear?
>
> ddevienne=> \db+
> ERROR:  permission denied for tablespace hdd_data

This lacks permission for executing pg_tablespace_size().  Granting
pg_read_all_stats should be sufficient.  But I agree, omitting the
non-accessible tablespaces would be better IMO.

> ddevienne=> \c - postgres
> ddevienne=# \db+
>                                      List of tablespaces
>     Name    |  Owner   |    Location    | Access privileges | Options
> |  Size   | Description
> ------------+----------+----------------+-------------------+---------+---------+-------------
>  hdd_data   | postgres | ... |                   |         | 0 bytes |
>  pg_default | postgres |                |                   |
> | 1077 MB |
>  pg_global  | postgres |                |                   |
> | 6301 kB |
> (3 rows)

-- 
Erik