From f4c4335a4aaf5f2ee6e741cdf4f5c8e338d86a2f Mon Sep 17 00:00:00 2001
From: Alvaro Herrera
Date: Tue, 23 Oct 2012 18:07:26 -0300
Subject: Add context info to OAT_POST_CREATE security hook

... and have sepgsql use it to determine whether to check permissions during certain operations. Indexes that are being created as a result of REINDEX, for instance, do not need to have their permissions checked; they were already checked when the index was created.

Author: KaiGai Kohei, slightly revised by me
---
 doc/src/sgml/sepgsql.sgml | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'doc/src')

diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml
index ff083a06596..522aa8b9903 100644
--- a/doc/src/sgml/sepgsql.sgml
+++ b/doc/src/sgml/sepgsql.sgml
@@ -449,6 +449,12 @@ UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;
 remove_name on the schema.
+
+ When objects that are subsidiary of other objects (such as a table's indexes
+ or triggers) are created or dropped, setattr permission will be
+ checked on the main object, instead of the subsidiary object itself.
+
+
 When is executed, setattr and relabelfrom will be checked on the object being relabeled
-- 
cgit v1.2.3