Skip to content

Commit f356ec5

Browse files
deanrasheeddeanrasheed
committed
Teach RemoveRoleFromObjectPolicy() about partitioned tables.
Table partitioning, introduced in commit f0e4475, added a new relkind - RELKIND_PARTITIONED_TABLE. Update RemoveRoleFromObjectPolicy() to handle it, otherwise DROP OWNED BY will fail if the role has any RLS policies referring to partitioned tables. Dean Rasheed, reviewed by Amit Langote. Discussion: https://postgr.es/m/CAEZATCUnNOKN8sLML9jUzxecALWpEXK3a3W7y0PgFR4%2Buhgc%3Dg%40mail.gmail.com
1 parent 0436f6b commit f356ec5

File tree

3 files changed

+11
-1
lines changed

3 files changed

+11
-1
lines changed

src/backend/commands/policy.c

+2-1
Original file line numberDiff line numberDiff line change
@@ -474,7 +474,8 @@ RemoveRoleFromObjectPolicy(Oid roleid, Oid classid, Oid policy_id)
474474

475475
rel = relation_open(relid, AccessExclusiveLock);
476476

477-
if (rel->rd_rel->relkind != RELKIND_RELATION)
477+
if (rel->rd_rel->relkind != RELKIND_RELATION &&
478+
rel->rd_rel->relkind != RELKIND_PARTITIONED_TABLE)
478479
ereport(ERROR,
479480
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
480481
errmsg("\"%s\" is not a table",

src/test/regress/expected/rowsecurity.out

+4
Original file line numberDiff line numberDiff line change
@@ -3885,13 +3885,17 @@ RESET SESSION AUTHORIZATION;
38853885
CREATE ROLE regress_rls_dob_role1;
38863886
CREATE ROLE regress_rls_dob_role2;
38873887
CREATE TABLE dob_t1 (c1 int);
3888+
CREATE TABLE dob_t2 (c1 int) PARTITION BY RANGE (c1);
38883889
CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1 USING (true);
38893890
DROP OWNED BY regress_rls_dob_role1;
38903891
DROP POLICY p1 ON dob_t1; -- should fail, already gone
38913892
ERROR: policy "p1" for table "dob_t1" does not exist
38923893
CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1,regress_rls_dob_role2 USING (true);
38933894
DROP OWNED BY regress_rls_dob_role1;
38943895
DROP POLICY p1 ON dob_t1; -- should succeed
3896+
CREATE POLICY p1 ON dob_t2 TO regress_rls_dob_role1,regress_rls_dob_role2 USING (true);
3897+
DROP OWNED BY regress_rls_dob_role1;
3898+
DROP POLICY p1 ON dob_t2; -- should succeed
38953899
DROP USER regress_rls_dob_role1;
38963900
DROP USER regress_rls_dob_role2;
38973901
--

src/test/regress/sql/rowsecurity.sql

+5
Original file line numberDiff line numberDiff line change
@@ -1740,6 +1740,7 @@ CREATE ROLE regress_rls_dob_role1;
17401740
CREATE ROLE regress_rls_dob_role2;
17411741

17421742
CREATE TABLE dob_t1 (c1 int);
1743+
CREATE TABLE dob_t2 (c1 int) PARTITION BY RANGE (c1);
17431744

17441745
CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1 USING (true);
17451746
DROP OWNED BY regress_rls_dob_role1;
@@ -1749,6 +1750,10 @@ CREATE POLICY p1 ON dob_t1 TO regress_rls_dob_role1,regress_rls_dob_role2 USING
17491750
DROP OWNED BY regress_rls_dob_role1;
17501751
DROP POLICY p1 ON dob_t1; -- should succeed
17511752

1753+
CREATE POLICY p1 ON dob_t2 TO regress_rls_dob_role1,regress_rls_dob_role2 USING (true);
1754+
DROP OWNED BY regress_rls_dob_role1;
1755+
DROP POLICY p1 ON dob_t2; -- should succeed
1756+
17521757
DROP USER regress_rls_dob_role1;
17531758
DROP USER regress_rls_dob_role2;
17541759

0 commit comments

Comments
 (0)