public inbox for [email protected]
help / color / mirror / Atom feedFrom: Alexander Lakhin <[email protected]>
To: Alexander Korotkov <[email protected]>
To: Dmitry Koval <[email protected]>
Cc: Justin Pryzby <[email protected]>
Cc: Robert Haas <[email protected]>
Cc: Pavel Borisov <[email protected]>
Cc: [email protected]
Subject: Re: Add SPLIT PARTITION/MERGE PARTITIONS commands
Date: Sun, 28 Apr 2024 14:00:00 +0300
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAPpHfduYuYECrqpHMgcOsNr+4j3uJK+JPUJ_zDBn-tqjjh3p1Q@mail.gmail.com>
References: <[email protected]>
<[email protected]>
<[email protected]>
<CAPpHfdv-uR663BO6G2kRuLEQjob+UBHuD3iyXF+qGHXQFRN0-Q@mail.gmail.com>
<[email protected]>
<CAPpHfdvShLh5txtQdh6=ZMCnzGZHv8W+RHAe8pY94rfzghWTAg@mail.gmail.com>
<[email protected]>
<[email protected]>
<CAPpHfdtLk5M4FV6C33DnBusWpsbwwmrQ83mpu7N8PZMupbftyw@mail.gmail.com>
<CAPpHfdtB9L1C7HLE30WDQfQQgUZo5P+5=9kLr5vQSpDZ-2AV_A@mail.gmail.com>
<ZilrByTp-pbz6Mvf@pryzbyj2023>
<CALT9ZEEwUkuhyxu2a1S7DYXZqfcy99q78q6BgvNRtpkY=VhfVQ@mail.gmail.com>
<CAPpHfduYuYECrqpHMgcOsNr+4j3uJK+JPUJ_zDBn-tqjjh3p1Q@mail.gmail.com>
Hello,
28.04.2024 03:59, Alexander Korotkov wrote:
> The revised patchset is attached. I'm going to push it if there are
> no objections.
I have one additional question regarding security, if you don't mind:
What permissions should a user have to perform split/merge?
When we deal with mixed ownership, say, bob is an owner of a
partitioned table, but not an owner of a partition, should we
allow him to perform merge with that partition?
Consider the following script:
CREATE ROLE alice;
GRANT CREATE ON SCHEMA public TO alice;
SET SESSION AUTHORIZATION alice;
CREATE TABLE t (i int PRIMARY KEY, t text, u text) PARTITION BY RANGE (i);
CREATE TABLE tp_00 PARTITION OF t FOR VALUES FROM (0) TO (10);
CREATE TABLE tp_10 PARTITION OF t FOR VALUES FROM (10) TO (20);
CREATE POLICY p1 ON tp_00 USING (u = current_user);
ALTER TABLE tp_00 ENABLE ROW LEVEL SECURITY;
INSERT INTO t(i, t, u) VALUES (0, 'info for bob', 'bob');
INSERT INTO t(i, t, u) VALUES (1, 'info for alice', 'alice');
RESET SESSION AUTHORIZATION;
CREATE ROLE bob;
GRANT CREATE ON SCHEMA public TO bob;
ALTER TABLE t OWNER TO bob;
GRANT SELECT ON TABLE tp_00 TO bob;
SET SESSION AUTHORIZATION bob;
SELECT * FROM tp_00;
--- here bob can see his info only
\d
Schema | Name | Type | Owner
--------+-------+-------------------+-------
public | t | partitioned table | bob
public | tp_00 | table | alice
public | tp_10 | table | alice
-- but then bob can do:
ALTER TABLE t MERGE PARTITIONS (tp_00, tp_10) INTO tp_00;
-- (yes, he also can detach the partition tp_00, but then he couldn't
-- re-attach nor read it)
\d
Schema | Name | Type | Owner
--------+-------+-------------------+-------
public | t | partitioned table | bob
public | tp_00 | table | bob
Thus bob effectively have captured the partition with the data.
What do you think, does this create a new security risk?
Best regards,
Alexander
view thread (48+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Add SPLIT PARTITION/MERGE PARTITIONS commands
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox