Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tKqzW-00BBOZ-UA for pgsql-hackers@arkaria.postgresql.org; Tue, 10 Dec 2024 03:32:54 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tKqzU-00EqMB-FJ for pgsql-hackers@arkaria.postgresql.org; Tue, 10 Dec 2024 03:32:53 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tKqzU-00EqLl-5b for pgsql-hackers@lists.postgresql.org; Tue, 10 Dec 2024 03:32:53 +0000 Received: from mail-vs1-xe2d.google.com ([2607:f8b0:4864:20::e2d]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tKqzS-0020eT-NQ for pgsql-hackers@lists.postgresql.org; Tue, 10 Dec 2024 03:32:52 +0000 Received: by mail-vs1-xe2d.google.com with SMTP id ada2fe7eead31-4b10e0654afso791590137.2 for ; Mon, 09 Dec 2024 19:32:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733801569; x=1734406369; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=7kLgJrI/ZHjH/L2XYuna2cyorf4jmwwiFGS6ulEr/AM=; b=F8OpgovLI87ZlW7Zdhd+KkusUc6w/XQVaJo9L0wDuhwvlaRccmxL9dzMpuC/WRbJGK 9mtIrP3sSf0HSmr+YpYvPJOlN4pMpZN3fVBRrOwRuCZ+tmL+271Nu4rUI8vQVdAJ5LAq t93BOELoTPFLAkgW8tUdqsiSAVxOHvOoauZubTJFO/AOKKLZ1pbd+IALlTUiA1Z5chXw dHAh5mGn6g9cjI36/e9QDxyPEEcAhgXUPhpS6RAHsavYBH/UiBkUjuVLuwuPP0epb489 DjmeHF+ZMrmWDEkLv4BKTjzX3kXbtPmOWyjlZxge0SxwZVhUirc7u3LzkhnCxsCwoz90 OKxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733801569; x=1734406369; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=7kLgJrI/ZHjH/L2XYuna2cyorf4jmwwiFGS6ulEr/AM=; b=wuGwfJaTyefKreHk4hYvgjI3hBhtTRacx3AvrTTjq+/c5BgJUps1rV4ck8fXktA8wF oLkmqLWV5rphaJffyNZj5hOSd/3iDM3wNFt4gvGQr+aVhVQ88Z2R126NVbBEuZ9lcpih hk8/vUVCNbHmTQMmS9i0623oTvlXs+gVnrGR3koSd09P6uNh5EJR/dD6FpG+/yLqRcfc Ai0EWlFbxNyw7IaPItICgzIy6zaPgi0/oX1yaeZyfbkm8n7Cqi3KYfe/tfoQqqcxXbjj VZYEgh4TUjzQcBY0awkHT2b7vuMtr75nmq9ofetFpo3u6HM2LOp+CeP0jKhRv/8HtlCr p61A== X-Forwarded-Encrypted: i=1; AJvYcCX5QT+By0DRsEazERmhHM6vs7RQJqBJ9Sl3DEyTIijh0aAajykhl58YcOBfygaOBK/AqBQHb0gvOsK9xM5k@lists.postgresql.org X-Gm-Message-State: AOJu0Yz7g3/S/fv7tgpeF0CsiwPtxttxeWMsaMsrGxoiZrgffcF9stdq 49C3fWe6FsjLCFmk1QWLXACbWkf44gRQzMfvGNq3B6sBgqnotwkmz3gqnIKJoAUD2zjM0QCDWEp r0EF1tZWpOkvfLMah0aNH9nlOV5I= X-Gm-Gg: ASbGncufbIveCM9gNqctN+EsWU5QRl3GF5X7MjhHanLsdLu9s8mOcctZXYAoinWBKFk b9ZLqw9KJM+xyJvYnhYUAsBZ8Wap2b/oo7zYa X-Google-Smtp-Source: AGHT+IFYok3BJwbFOopGPoLWZqDoHlsEsWPRAPYj2zK/K/mFuwxtZs9bGBJusN+2r2vGZLaE5zdMgpp/rcD74BJYlpU= X-Received: by 2002:a05:6102:355a:b0:4af:de39:8daa with SMTP id ada2fe7eead31-4afde39e0e9mr7526989137.4.1733801569178; Mon, 09 Dec 2024 19:32:49 -0800 (PST) MIME-Version: 1.0 References: <3chredgnjcmccym2kczawfih226b4ac6co7p6z4jeofevrcosi@mrsxkx2x2c65> In-Reply-To: From: jian he Date: Tue, 10 Dec 2024 11:32:37 +0800 Message-ID: Subject: Re: proposal: schema variables To: Pavel Stehule Cc: Dmitry Dolgov <9erthalion6@gmail.com>, Laurenz Albe , Erik Rijkers , Michael Paquier , Amit Kapila , DUVAL REMI , PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk hi. GRANT|REVOKE ALL VARIABLES IN SCHEMA schema_name [, ...] } seems to work. might be better to add tests. also src/bin/psql/tab-complete.in.c COMPLETE_WITH_SCHEMA_QUERY_PLUS(Query_for_list_of_grantables, we can also add "ALL VARIABLES IN SCHEMA " also need change this in grant.sgml: There is also an option to grant privileges on all objects of the same type within one or more schemas. This functionality is currently supported only for tables, sequences, functions, and procedures. ALL TABLES also affects views and foreign tables, just like the specific-object GRANT command. ALL FUNCTIONS also affects aggregate and window functions, but not procedures, again just like the specific-object GRANT command. Use ALL ROUTINES to include procedures. revoke.sgml, we should use role_specification? so it will become like: REVOKE [ GRANT OPTION FOR ] { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] } ON { VARIABLE variable_name [, ...] | ALL VARIABLES IN SCHEMA schema_name [, ...] } FROM role_specification [, ...] maybe also add [ GRANTED BY role_specification ] but I didn't test "REVOKE [ GRANTED BY role_specification ]". Speaking of acl tests, similar to has_table_privilege I am afraid we need to have a function like has_variable_privilege for acl tests. has_table_privilege has 6 function signatures. so there will be more code. ------------------------------------------------------ doc/src/sgml/ref/create_variable.sgml section: CREATE VARIABLE [ IF NOT EXISTS ] name [ AS ] data_type ] [ COLLATE collation ] redundant right square bracket after "data_type".