Support GRANT .. ON SCHEMA .. in Babelfish (babelfish-for-postgresql#…
…1848)

1. Supported syntax GRANT <permission> ON SCHEMA::<schema_name> TO <user_name>
2. Supported syntax REVOKE <permission> ON SCHEMA::<schema_name> FROM <user_name>
3. Added one SQL statement PLTSQL_STMT_GRANTSCHEMA to store relevant information to execute GRANT/REVOKE .. ON SCHEMA .. statements.
4. Created one catalog table sys.babelfish_schema_permissions to hold the details about schema name, database name, object name, permission name and user name for each GRANT/REVOKE statement.
5. GRANT on schema/objects adds a row in the catalog table if not exists already.
6. REVOKE on schema/objects removes the corresponding row in the catalog table if it exists already.
7. REVOKE on schema internally grants permission to all the objects if there are explicit permissions granted to the objects belonging to the same schema.
8. GRANT ALL on objects works as it is and adds rows in the catalog for each relevant permission depending on the object type.
9. REVOKE ALL on object should do nothing, if the relevant schema permission exists in the catalog. But, it should remove the rows from the catalog if the object level permission is granted.
10. Drop statement for OBJECT/SCHEMA removes all the relevant object entries from the catalog.

Task: BABEL-4344
Signed-off-by: Shalini Lohia <[email protected]>
Co-authored-by: Shalini Lohia <[email protected]>
shalinilohia50 and lohia-shalini authored Oct 13, 2023
1 parent fe2b8ea commit e302bca
Showing 41 changed files with 2,987 additions and 19 deletions.
11 changes: 11 additions & 0 deletions contrib/babelfishpg_tsql/sql/ownership.sql
Expand Up @@ -14,6 +14,17 @@ CREATE TABLE sys.babelfish_sysdatabases (

GRANT SELECT on sys.babelfish_sysdatabases TO PUBLIC;

-- BABELFISH_SCHEMA_PERMISSIONS
CREATE TABLE sys.babelfish_schema_permissions (
dbid smallint NOT NULL,
schema_name NAME NOT NULL,
object_name NAME NOT NULL,
permission NAME NOT NULL,
grantee NAME NOT NULL,
object_type NAME,
PRIMARY KEY(dbid, schema_name, object_name, permission, grantee)
);

-- BABELFISH_FUNCTION_EXT
CREATE TABLE sys.babelfish_function_ext (
nspname NAME NOT NULL,
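Review bot: The new CREATE TABLE sys.babelfish_schema_permissions ends at `);` with no privilege statement, while the catalog directly above it in this file is followed by `GRANT SELECT on sys.babelfish_sysdatabases TO PUBLIC;`. Because this table records which grantee holds which permission, the intended access should be stated right after the closing `);`: add the matching GRANT SELECT if it is meant to be readable like the neighbouring catalog, or a comment saying the omission is deliberate. A second, smaller point: `object_type NAME,` is the only nullable column and is outside the primary key, so a one-line comment on its allowed values and on when it may be NULL would help the next reader.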
Expand Up @@ -789,7 +789,16 @@ $BODY$
LANGUAGE plpgsql
IMMUTABLE;


-- BABELFISH_SCHEMA_PERMISSIONS
CREATE TABLE IF NOT EXISTS sys.babelfish_schema_permissions (
dbid smallint NOT NULL,
schema_name NAME NOT NULL,
object_name NAME NOT NULL,
permission NAME NOT NULL,
grantee NAME NOT NULL,
object_type NAME,
PRIMARY KEY(dbid, schema_name, object_name, permission, grantee)
);

create or replace function sys.babelfish_timezone_mapping(IN tmz text) returns text
AS 'babelfishpg_tsql', 'timezone_mapping'
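Review bot: `CREATE TABLE IF NOT EXISTS sys.babelfish_schema_permissions` will silently keep any table of that name that already exists, whatever its columns or key, so this script can complete with a catalog that does not match the definition written here. For a table that stores permission records, a comment explaining why the guard is needed (for example, re-running the script) would make the intent clear, and dropping `IF NOT EXISTS` would make an unexpected pre-existing table fail loudly instead. The column list and primary key also duplicate the definition added in contrib/babelfishpg_tsql/sql/ownership.sql; a comment on one or both copies noting that they must stay identical would reduce the chance of the two drifting apart.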