diff options
| author | Peter Eisentraut | 2015-03-07 04:42:38 +0000 |
|---|---|---|
| committer | Peter Eisentraut | 2015-03-07 04:42:38 +0000 |
| commit | bb8582abf3c4db18b508627a52effd43672f9410 (patch) | |
| tree | 02381deae3e78e8384a28af2e7526f3953fb7d4e /src/backend/catalog | |
| parent | 6510c832bbf91d52541c7aeefa371123abc2d832 (diff) | |
Remove rolcatupdate
This role attribute is an ancient PostgreSQL feature, but could only be
set by directly updating the system catalogs, and it doesn't have any
clearly defined use.
Author: Adam Brightwell <[email protected]>
Diffstat (limited to 'src/backend/catalog')
| -rw-r--r-- | src/backend/catalog/aclchk.c | 25 | ||||
| -rw-r--r-- | src/backend/catalog/system_views.sql | 3 |
2 files changed, 2 insertions, 26 deletions
diff --git a/src/backend/catalog/aclchk.c b/src/backend/catalog/aclchk.c index 1e3888e293b..3b456f97efa 100644 --- a/src/backend/catalog/aclchk.c +++ b/src/backend/catalog/aclchk.c @@ -3423,26 +3423,6 @@ aclcheck_error_type(AclResult aclerr, Oid typeOid) } -/* Check if given user has rolcatupdate privilege according to pg_authid */ -static bool -has_rolcatupdate(Oid roleid) -{ - bool rolcatupdate; - HeapTuple tuple; - - tuple = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid)); - if (!HeapTupleIsValid(tuple)) - ereport(ERROR, - (errcode(ERRCODE_UNDEFINED_OBJECT), - errmsg("role with OID %u does not exist", roleid))); - - rolcatupdate = ((Form_pg_authid) GETSTRUCT(tuple))->rolcatupdate; - - ReleaseSysCache(tuple); - - return rolcatupdate; -} - /* * Relay for the various pg_*_mask routines depending on object kind */ @@ -3620,8 +3600,7 @@ pg_class_aclmask(Oid table_oid, Oid roleid, /* * Deny anyone permission to update a system catalog unless - * pg_authid.rolcatupdate is set. (This is to let superusers protect - * themselves from themselves.) Also allow it if allowSystemTableMods. + * pg_authid.rolsuper is set. Also allow it if allowSystemTableMods. * * As of 7.4 we have some updatable system views; those shouldn't be * protected in this way. Assume the view rules can take care of @@ -3630,7 +3609,7 @@ pg_class_aclmask(Oid table_oid, Oid roleid, if ((mask & (ACL_INSERT | ACL_UPDATE | ACL_DELETE | ACL_TRUNCATE | ACL_USAGE)) && IsSystemClass(table_oid, classForm) && classForm->relkind != RELKIND_VIEW && - !has_rolcatupdate(roleid) && + !superuser_arg(roleid) && !allowSystemTableMods) { #ifdef ACLDEBUG diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql index 5e69e2b2add..2800f73fb6e 100644 --- a/src/backend/catalog/system_views.sql +++ b/src/backend/catalog/system_views.sql @@ -13,7 +13,6 @@ CREATE VIEW pg_roles AS rolinherit, rolcreaterole, rolcreatedb, - rolcatupdate, rolcanlogin, rolreplication, rolconnlimit, @@ -31,7 +30,6 @@ CREATE VIEW pg_shadow AS pg_authid.oid AS usesysid, rolcreatedb AS usecreatedb, rolsuper AS usesuper, - rolcatupdate AS usecatupd, rolreplication AS userepl, rolbypassrls AS usebypassrls, rolpassword AS passwd, @@ -57,7 +55,6 @@ CREATE VIEW pg_user AS usesysid, usecreatedb, usesuper, - usecatupd, userepl, usebypassrls, '********'::text as passwd, |