From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
Cc: | quae(at)daurnimator(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: BUG #15708: RLS 'using' running as wrong user when called from a view |
Date: | 2019-03-25 20:27:23 |
Message-ID: | 20190325202723.GC6197@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs pgsql-hackers |
Greetings,
* Dean Rasheed (dean(dot)a(dot)rasheed(at)gmail(dot)com) wrote:
> On Thu, 21 Mar 2019 at 00:39, PG Bug reporting form
> <noreply(at)postgresql(dot)org> wrote:
> >
> > This fails, seemingly because the RLS on 'bar' is being checked by alice,
> > instead of the view owner bob:
>
> Yes I agree, that appears to be a bug. The subquery in the RLS policy
> should be checked as the view owner -- i.e., we need to propagate the
> checkAsUser for the RTE with RLS to any subqueries in its RLS
> policies.
Agreed.
> It looks like the best place to fix it is in
> get_policies_for_relation(), since that's where all the policies to be
> applied for a given RTE are pulled together. Patch attached.
Yes, on a quick review, that looks like a good solution to me as well.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Thomas Munro | 2019-03-26 00:42:40 | Re: parallel query hangs - impossible to cancel |
Previous Message | Tom Lane | 2019-03-25 17:36:14 | Re: BUG #15703: Segfault in cancelled CALL-Statements |
From | Date | Subject | |
---|---|---|---|
Next Message | legrand legrand | 2019-03-25 20:30:45 | Re: Planning counters in pg_stat_statements (using pgss_store) |
Previous Message | Julien Rouhaud | 2019-03-25 20:03:45 | Re: Ordered Partitioned Table Scans |