Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.1.0.0-incubating
    • Component/s: Security
    • Labels:
      None

      Description

      in current code

      if (objkind == ACL_KIND_CLASS)
        {
          char relstorage = get_rel_relstorage(obj_oid);
          if (relstorage == 'h')
          {
            return true;
          }
        }
      

      This just fallback pg_catalog.tables, does not fallback pg_catalog.views. Because the relstorage of pg_catalog.view is 'v', not 'h'. So we should fix it to fallback the privileges request use the following condition.

      if (namespaceid == PG_CATALOG_NAMESPACE || namespaceid == information_schema_namespcace_oid
                  || namespaceid == PG_AOSEGMENT_NAMESPACE || namespaceid == PG_TOAST_NAMESPACE
                  || namespaceid == PG_BITMAPINDEX_NAMESPACE)
      

      reproduce:
      1. psql -d postgres
      2. set log_min_messages='DEBUG3';
      3. SELECT setting FROM pg_settings WHERE name='client_min_messages';

      Can see the json request:

      2017-02-13 16:43:37.908980 CST,"xsheng","postgres",p21556,th2021810176,"[local]",,2017-02-13 15:07:36 CST,25538,con13,cmd92,seg-10000,,,x25538,sx1,"DEBUG3","00000","send json request to ranger : { ""requestId"": ""40"", ""user"    ": ""xsheng"", ""clientIp"": ""127.0.0.1"", ""context"": ""SELECT setting FROM pg_settings WHERE name='client_min_messages'\n;"", ""access"": [ { ""resource"": { ""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table""    : ""pg_settings"" }, ""privileges"": [ ""select"" ] }, { ""resource"": { ""database"": ""postgres"", ""schema"": ""pg_catalog"", ""table"": ""pg_settings_gpsql"" }, ""privileges"": [ ""select"" ] } ] }",,,,,,"SELECT setting FRO    M pg_settings WHERE name='client_min_messages';",0,,"rangerrest.c",454,
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                xsheng Xiang Sheng
                Reporter:
                xsheng Xiang Sheng
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: