On Saturday, November 23, 2024, Andrey M. Borodin <x4...@yandex-team.ru> wrote: > > > It seems that protection of temp tables should belong to ACL stuff. And in > a logic of this subsystem would be natural to just allow superuser do > whatever they want with. >
My understanding is the limitation of an owner of a temporary relation in one session being disallowed to alter its contents from another session is an implementation consequence, and not some fundamental model restriction. ACL doesn’t interact with Sessions or Transactions. Nor should it. Minimally informed thinking, associate the specific pg_temp namespace with a procid. Where this limitation exists, which seems like middle management, compare the proc of the namespace to the executor. Pass the role and also an enum of action type (CRUD, drop, truncate, lock, etc…). If the procs match all good. Superuser cannot bypass CRUD and similar as that is the limitation being implemented here. And the owner cannot bypass anything (exceptions could be added as desired). Centralizing things a bit though…maybe something like the relcache (for namespaces…) so you cannot even get a handle on the namespace if you don’t supply the info and pass the checks. Don’t really know enough to say where/how to implement “if you forget to call this check all commands that can reference tables will fail”. David J.
