From f781a0f1d88411978c9df5f05cbb4f46aabe3d24 Mon Sep 17 00:00:00 2001 From: Joe Conway Date: Tue, 28 Jul 2015 16:01:53 -0700 Subject: Create a pg_shdepend entry for each role in TO clause of policies. CreatePolicy() and AlterPolicy() omit to create a pg_shdepend entry for each role in the TO clause. Fix this by creating a new shared dependency type called SHARED_DEPENDENCY_POLICY and assigning it to each role. Reported by Noah Misch. Patch by me, reviewed by Alvaro Herrera. Back-patch to 9.5 where RLS was introduced. --- src/include/catalog/dependency.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/include') diff --git a/src/include/catalog/dependency.h b/src/include/catalog/dependency.h index aa3f3d90a18..fbcf9044325 100644 --- a/src/include/catalog/dependency.h +++ b/src/include/catalog/dependency.h @@ -96,6 +96,10 @@ typedef enum DependencyType * created for the owner of an object; hence two objects may be linked by * one or the other, but not both, of these dependency types.) * + * (d) a SHARED_DEPENDENCY_POLICY entry means that the referenced object is + * a role mentioned in a policy object. The referenced object must be a + * pg_authid entry. + * * SHARED_DEPENDENCY_INVALID is a value used as a parameter in internal * routines, and is not valid in the catalog itself. */ @@ -104,6 +108,7 @@ typedef enum SharedDependencyType SHARED_DEPENDENCY_PIN = 'p', SHARED_DEPENDENCY_OWNER = 'o', SHARED_DEPENDENCY_ACL = 'a', + SHARED_DEPENDENCY_POLICY = 'r', SHARED_DEPENDENCY_INVALID = 0 } SharedDependencyType; -- cgit v1.2.3