From 1cea9bbb21e9e90dc7085ce605d9160e7161fa58 Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Wed, 27 Mar 2013 08:10:14 -0400 Subject: sepgsql: Support for new post-ALTER access hook. KaiGai Kohei --- doc/src/sgml/sepgsql.sgml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml index e7ce8b5d5b3..5ee08e1dee2 100644 --- a/doc/src/sgml/sepgsql.sgml +++ b/doc/src/sgml/sepgsql.sgml @@ -438,6 +438,12 @@ UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100; On creation of objects within a particular schema (tables, views, sequences and procedures), add_name will be also checked on the schema, not only create on the new object itself. + On , install permission + will be checked if leakproof attribute was given, not only + create on the new function. This permission will be also + checked when user tries to turn on leakproof attribute + using command, with + setattr permission on the function being altered. @@ -450,9 +456,19 @@ UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100; - When objects that are subsidiary of other objects (such as a table's indexes - or triggers) are created or dropped, setattr permission will be - checked on the main object, instead of the subsidiary object itself. + When ALTER command is executed, setattr will be + checked on the object being modified for each object types. + In addition, remove_name and add_name + will be checked on the old and new schemas, respectively, when an + object is moved to a new schema. + For certain object types, additional checks are performed. + + + + When objects that are subsidiary of other objects (such as a table's + indexes or triggers) are created, dropped or altered, + setattr permission will be checked on the main object, + instead of the subsidiary object itself. -- cgit v1.2.3