search

CrunchyData / pg_parquet

Copy to/from Parquet in S3 from within PostgreSQL
Other
358 stars 11 forks source link

Permission checks are not properly enforced #41

Closed onderkalaci closed 1 month ago

onderkalaci commented 1 month ago

As a superuser:

create role r1 with login ;
grant usage on schema new_tests to r1;
grant SELECT ON ALL TABLES IN SCHEMA new_tests TO r1;

now, as r1 user login, copy to, see the difference between csv and parquet cases:

set search_path to new_tests ;

 copy num to '/tmp/num.csv';
ERROR:  permission denied to COPY to a file
DETAIL:  Only roles with privileges of the "pg_write_server_files" role may COPY to a file.
HINT:  Anyone can COPY to stdout or from stdin. psql's \copy command also works for anyone.
postgres=> copy num to '/tmp/num.parquet';
COPY 9

copy from, see the difference between csv and parquet cases:

copy num from '/tmp/num.csv';
ERROR:  permission denied to COPY from a file
DETAIL:  Only roles with privileges of the "pg_read_server_files" role may COPY from a file.
HINT:  Anyone can COPY to stdout or from stdin. psql's \copy command also works for anyone.
postgres=> copy num from '/tmp/num.parquet';
COPY 9
aykut-bozkurt commented 1 month ago

fixed at development by 6a9b6cfad67c55e821ddc1693f6839ba0b8039bf