I have large database and with this DB work more users and I very need

more restriction for fretful users. The current PG allow define only
NO-CREATE-DB and NO-CREATE-USER restriction, but for some users I need
NO-CREATE-TABLE and NO-LOCK-TABLE.

This patch add to current code NOCREATETABLE and NOLOCKTABLE feature:

CREATE USER username
    [ WITH
     [ SYSID uid ]
     [ PASSWORD 'password' ] ]
    [ CREATEDB   | NOCREATEDB ] [ CREATEUSER | NOCREATEUSER ]
->  [ CREATETABLE | NOCREATETABLE ] [ LOCKTABLE | NOLOCKTABLE ]
    ...etc.

 If CREATETABLE or LOCKTABLE is not specific in CREATE USER command,
as default is set CREATETABLE or LOCKTABLE (true).

 A user with NOCREATETABLE restriction can't call CREATE TABLE or
SELECT INTO commands, only create temp table is allow for him.

                                                Karel

5 files changed, 31 insertions, 21 deletions

diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 8ee2a319b1..5c5b585997 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -37,7 +37,7 @@
  * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: catversion.h,v 1.27 2000/06/09 01:11:10 tgl Exp $
+ * $Id: catversion.h,v 1.28 2000/06/09 15:50:59 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -53,6 +53,6 @@
  */
 
 /*							yyyymmddN */
-#define CATALOG_VERSION_NO	200006081
+#define CATALOG_VERSION_NO	200006092
 
 #endif
diff --git a/src/include/catalog/pg_attribute.h b/src/include/catalog/pg_attribute.h
index eb731c955d..74be5467bd 100644
--- a/src/include/catalog/pg_attribute.h
+++ b/src/include/catalog/pg_attribute.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_attribute.h,v 1.57 2000/06/09 01:44:22 momjian Exp $
+ * $Id: pg_attribute.h,v 1.58 2000/06/09 15:51:00 momjian Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -336,12 +336,14 @@ DATA(insert OID = 0 ( 1255 cmax				29 0  4  -6 0 -1 -1 t p f i f f));
  */
 DATA(insert OID = 0 ( 1260 usename			19	0 NAMEDATALEN	1 0 -1 -1 f p f i f f));
 DATA(insert OID = 0 ( 1260 usesysid			23	0	4	2 0 -1 -1 t p f i f f));
-DATA(insert OID = 0 ( 1260 usecreatedb		16	0	1	3 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 usetrace			16	0	1	4 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 usesuper			16	0	1	5 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 usecatupd		16	0	1	6 0 -1 -1 t p f c f f));
-DATA(insert OID = 0 ( 1260 passwd			25	0  -1	7 0 -1 -1 f p f i f f));
-DATA(insert OID = 0 ( 1260 valuntil			702 0	4	8 0 -1 -1 t p f i f f));
+DATA(insert OID = 0 ( 1260 usecreatedb			16	0	1	3 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 usecreatetable		16	0	1	4 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 uselocktable			16	0	1	5 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 usetrace			16	0	1	6 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 usesuper			16	0	1	7 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 usecatupd			16	0	1	8 0 -1 -1 t p f c f f));
+DATA(insert OID = 0 ( 1260 passwd			25	0  	-1	9 0 -1 -1 f p f i f f));
+DATA(insert OID = 0 ( 1260 valuntil			702 	0	4	10 0 -1 -1 t p f i f f));
 DATA(insert OID = 0 ( 1260 ctid				27 0  6  -1 0 -1 -1 f p f i f f));
 DATA(insert OID = 0 ( 1260 oid				26 0  4  -2 0 -1 -1 t p f i f f));
 DATA(insert OID = 0 ( 1260 xmin				28 0  4  -3 0 -1 -1 t p f i f f));
diff --git a/src/include/catalog/pg_class.h b/src/include/catalog/pg_class.h
index 25dd55eacb..f7e786cf02 100644
--- a/src/include/catalog/pg_class.h
+++ b/src/include/catalog/pg_class.h
@@ -8,7 +8,7 @@
  * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_class.h,v 1.35 2000/06/09 01:44:23 momjian Exp $
+ * $Id: pg_class.h,v 1.36 2000/06/09 15:51:00 momjian Exp $
  *
  * NOTES
  *	  ``pg_relation'' is being replaced by ``pg_class''.  currently
@@ -139,7 +139,7 @@ DATA(insert OID = 1255 (  pg_proc 81		  PGUID 0 0 0 0 f f r 17 0 0 0 0 0 f f f _
 DESCR("");
 DATA(insert OID = 1259 (  pg_class 83		  PGUID 0 0 0 0 f f r 20 0 0 0 0 0 f f f _null_ ));
 DESCR("");
-DATA(insert OID = 1260 (  pg_shadow 86		  PGUID 0 0 0 0 f t r 8  0 0 0 0 0 f f f _null_ ));
+DATA(insert OID = 1260 (  pg_shadow 86		  PGUID 0 0 0 0 f t r 10  0 0 0 0 0 f f f _null_ ));
 DESCR("");
 DATA(insert OID = 1261 (  pg_group 87		  PGUID 0 0 0 0 f t r 3  0 0 0 0 0 f f f _null_ ));
 DESCR("");
diff --git a/src/include/catalog/pg_shadow.h b/src/include/catalog/pg_shadow.h
index 33eb23dde0..9d60c9cc0f 100644
--- a/src/include/catalog/pg_shadow.h
+++ b/src/include/catalog/pg_shadow.h
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pg_shadow.h,v 1.7 2000/01/26 05:57:58 momjian Exp $
+ * $Id: pg_shadow.h,v 1.8 2000/06/09 15:51:00 momjian Exp $
  *
  * NOTES
  *	  the genbki.sh script reads this file and generates .bki
@@ -38,6 +38,8 @@ CATALOG(pg_shadow) BOOTSTRAP
 	NameData	usename;
 	int4		usesysid;
 	bool		usecreatedb;
+	bool		usecreatetable;
+	bool		uselocktable;
 	bool		usetrace;
 	bool		usesuper;
 	bool		usecatupd;
@@ -56,15 +58,17 @@ typedef FormData_pg_shadow *Form_pg_shadow;
  *		compiler constants for pg_shadow
  * ----------------
  */
-#define Natts_pg_shadow				8
+#define Natts_pg_shadow				10
 #define Anum_pg_shadow_usename			1
 #define Anum_pg_shadow_usesysid			2
 #define Anum_pg_shadow_usecreatedb		3
-#define Anum_pg_shadow_usetrace			4
-#define Anum_pg_shadow_usesuper			5
-#define Anum_pg_shadow_usecatupd		6
-#define Anum_pg_shadow_passwd			7
-#define Anum_pg_shadow_valuntil			8
+#define Anum_pg_shadow_usecreatetable		4
+#define Anum_pg_shadow_uselocktable		5
+#define Anum_pg_shadow_usetrace			6
+#define Anum_pg_shadow_usesuper			7
+#define Anum_pg_shadow_usecatupd		8
+#define Anum_pg_shadow_passwd			9
+#define Anum_pg_shadow_valuntil			10
 
 /* ----------------
  *		initial contents of pg_shadow
@@ -73,6 +77,6 @@ typedef FormData_pg_shadow *Form_pg_shadow;
  * user choices.
  * ----------------
  */
-DATA(insert OID = 0 ( POSTGRES PGUID t t t t _null_ _null_ ));
+DATA(insert OID = 0 ( POSTGRES PGUID t t t t t t _null_ _null_ ));
 
 #endif	 /* PG_SHADOW_H */
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h
index c4fae8b045..dbb5ab9338 100644
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2000, PostgreSQL, Inc
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: parsenodes.h,v 1.106 2000/06/09 01:44:26 momjian Exp $
+ * $Id: parsenodes.h,v 1.107 2000/06/09 15:51:02 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -290,7 +290,7 @@ typedef struct DropPLangStmt
 
 
 /* ----------------------
- *				Create/Alter/Drop User Statements
+ *		Create/Alter/Drop User Statements
  * ----------------------
  */
 typedef struct CreateUserStmt
@@ -301,6 +301,8 @@ typedef struct CreateUserStmt
 	int			sysid;			/* PgSQL system id (-1 if don't care) */
 	bool		createdb;		/* Can the user create databases?	  */
 	bool		createuser;		/* Can this user create users?		  */
+	bool        createtable;	/* Can this user create tables?		  */
+	bool        locktable;		/* Can this user lock tables?		  */
 	List	   *groupElts;		/* The groups the user is a member of */
 	char	   *validUntil;		/* The time the login is valid until  */
 } CreateUserStmt;
@@ -312,6 +314,8 @@ typedef struct AlterUserStmt
 	char	   *password;		/* PostgreSQL user password			  */
 	int			createdb;		/* Can the user create databases?	  */
 	int			createuser;		/* Can this user create users?		  */
+	bool        createtable;	/* Can this user create tables?		  */
+	bool        locktable;		/* Can this user lock tables?		  */
 	char	   *validUntil;		/* The time the login is valid until  */
 } AlterUserStmt;