| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [COMMITTERS] pgsql: Row-Level Security Policies (RLS) |
| Date: | 2015-07-30 00:35:58 |
| Message-ID: | 55B9716E.5070602@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/01/2015 02:21 AM, Dean Rasheed wrote:
> While going through this, I spotted another issue --- in a DML
> query with additional non-target relations, such as UPDATE t1 ..
> FROM t2 .., the old code was checking the UPDATE policies of both
> t1 and t2, but really I think it ought to be checking the SELECT
> policies of t2 (in the same way as this query requires SELECT table
> permissions on t2, not UPDATE permissions). I've changed that and
> added new regression tests to test that change.
I assume the entire refactoring patch needs a fair bit of work to
rebase against current HEAD, but I picked out the attached to address
just the above issue. Does this look correct, and if so does it make
sense to apply at least this part right now?
Thanks,
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBAgAGBQJVuXFuAAoJEDfy90M199hlOMkP/RZoBU0MJF64GjHfuLVa3T5w
PnDrnIoLBMOgOzkXrI+Ov0w0ESXltNvYjyIxkuyaB5PuoeDOdyYnnzbpPe7hH4pv
zDjSinJnfNmFEcm0UjBzuBiSH0dv52PEIToexTKu6SnjvH3Co/Hk4Ar2uZ0r7bRF
krl+Dd4kZX1uuRIigsSFqy873C79m3o11Szs5aW8c5od9adGxSvRHqZNf/UIDIbZ
CxAo0E3Tlw0DmGl1cw1tdN8gWMzmvx5dQ0ih3+0/hkVUqN9p3Pg8BGajSvxxFlb2
l4+6RZGUw5ZTpJxRZf/zPc4updhq0zf/Z5g7GUYddrhO29eLS6al2ySlb7HL5G9M
VPMjEzXuhFwhxSMdgHfz8UQh82KuNENMTKp81BvtIgZ7w86A9lWrKxCLaVMGhi8m
MnfCQ4cdOmnE2vEHi0Ue3Dg/rvYO8QpVW0JKDOdzoqPErC7to9vorXI5X3vcfLbF
fYfiJe6wUwbDEdxh/z0oKVFxWlf2NRk4pd+jZ7C+ibraLIwgEgZe7G4GEje5LxSP
h4zTfx0sj3IyrvqziurO/aZqIBXBZEsm3Gv6OQs26C5Xvkx/QmgROB42lHwcDYri
BTk6+uzNYKbX+kW56vEY0f0WMTLYZzc6jZRIVr3s+aLeyG0P9acY/n3uY1xBFCZZ
Xb7gmepAN3rY1CF7By9o
=e5hz
-----END PGP SIGNATURE-----
| Attachment | Content-Type | Size |
|---|---|---|
| 20150729.00-rls-non-tgt-rel-v0.patch | text/x-diff | 4.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2015-07-30 01:33:03 | pgsql: Add IF NOT EXISTS processing to ALTER TABLE ADD COLUMN |
| Previous Message | Joe Conway | 2015-07-29 22:41:35 | pgsql: Create new ParseExprKind for use by policy expressions. |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2015-07-30 00:41:10 | Re: Eliminating CREATE INDEX comparator TID tie-breaker overhead |
| Previous Message | Joe Conway | 2015-07-30 00:20:22 | Re: dblink: add polymorphic functions. |