From 878f3a19c6c8ff197e4a33f51d921a4abafcc494 Mon Sep 17 00:00:00 2001 From: Michael Paquier Date: Sat, 21 Nov 2020 19:45:30 +0900 Subject: Remove INSERT privilege check at table creation of CTAS and matview As per discussion with Peter Eisentraunt, the SQL standard specifies that any tuple insertion done as part of CREATE TABLE AS happens without any extra ACL check, so it makes little sense to keep a check for INSERT privileges when using WITH DATA. Materialized views are not part of the standard, but similarly, this check can be confusing as this refers to an access check on a table created within the same command as the one that would insert data into this table. This commit removes the INSERT privilege check for WITH DATA, the default, that 846005e removed partially, but only for WITH NO DATA. Author: Bharath Rupireddy Discussion: https://postgr.es/m/d049c272-9a47-d783-46b0-46665b011598@enterprisedb.com --- src/backend/commands/createas.c | 26 -------------------------- 1 file changed, 26 deletions(-) (limited to 'src/backend/commands/createas.c') diff --git a/src/backend/commands/createas.c b/src/backend/commands/createas.c index 37649eafa88..6bf6c5a3106 100644 --- a/src/backend/commands/createas.c +++ b/src/backend/commands/createas.c @@ -432,7 +432,6 @@ intorel_startup(DestReceiver *self, int operation, TupleDesc typeinfo) DR_intorel *myState = (DR_intorel *) self; IntoClause *into = myState->into; bool is_matview; - char relkind; List *attrList; ObjectAddress intoRelationAddr; Relation intoRelationDesc; @@ -443,7 +442,6 @@ intorel_startup(DestReceiver *self, int operation, TupleDesc typeinfo) /* This code supports both CREATE TABLE AS and CREATE MATERIALIZED VIEW */ is_matview = (into->viewQuery != NULL); - relkind = is_matview ? RELKIND_MATVIEW : RELKIND_RELATION; /* * Build column definitions using "pre-cooked" type and collation info. If @@ -505,30 +503,6 @@ intorel_startup(DestReceiver *self, int operation, TupleDesc typeinfo) */ intoRelationDesc = table_open(intoRelationAddr.objectId, AccessExclusiveLock); - /* - * Check INSERT permission on the constructed table. Skip this check if - * WITH NO DATA is specified as only a table gets created with no tuples - * inserted, that is a case possible when using EXPLAIN ANALYZE or - * EXECUTE. - */ - if (!into->skipData) - { - RangeTblEntry *rte; - - rte = makeNode(RangeTblEntry); - rte->rtekind = RTE_RELATION; - rte->relid = intoRelationAddr.objectId; - rte->relkind = relkind; - rte->rellockmode = RowExclusiveLock; - rte->requiredPerms = ACL_INSERT; - - for (attnum = 1; attnum <= intoRelationDesc->rd_att->natts; attnum++) - rte->insertedCols = bms_add_member(rte->insertedCols, - attnum - FirstLowInvalidHeapAttributeNumber); - - ExecCheckRTPerms(list_make1(rte), true); - } - /* * Make sure the constructed table does not have RLS enabled. * -- cgit v1.2.3