Re: Fix RLS checks for UPDATE/DELETE FOR PORTION OF leftover rows

> On Jun 30, 2026, at 15:51, Ayush Tiwari <ayushtiwari(dot)slg01(at)gmail(dot)com> wrote:
>
> Hi,
>
> On Tue, 30 Jun 2026 at 13:16, Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> wrote:
> Hi,
>
> While revisiting “[8e72d914c] Add UPDATE/DELETE FOR PORTION OF”, I found a new issue where inserting leftover rows may skip row-level security checks.
>
> Please see if it is the same as this: PostgreSQL: Enforce INSERT RLS checks for FOR PORTION OF leftovers?
>
> If yes, it is already present in the PG 19 open list.
>
> Regards,
> Ayush

Thanks for pointing that out. I didn’t notice that thread.

Yes, that’s the same issue. I saw Paul wrote this there:
```
Skipping the RLS checks to insert the leftovers seems like the correct
behavior to me, since we are skipping the ACL checks (per the
standard). Shouldn't it be consistent?
I think the reason we skip the checks is that semantically, the
leftovers aren't changing anything: they are preserving the history
that is already there.
```

That explains why the ACL checks are skipped as stated in the doc, but I don’t think the same reasoning should apply to RLS checks. As I explained in my patch email, for example, directly inserting [70,100) is blocked by policy t_ins, but a user can work around that by inserting [1,100) and then updating [30,70), which seems like a security hole.

Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/