| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Peter Geoghegan <pg(at)heroku(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: ON CONFLICT issues around whole row vars, |
| Date: | 2015-10-05 13:58:26 |
| Message-ID: | 20151005135826.GI3685@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > I had intended to address with policies what is addressed through
> > permissions with 7d8db3e, but the coverage for INSERT+RETURNING was only
> > done when ON CONFLICT was in use.
>
> > I've fixed that by applying the SELECT policies as WCOs for both the
> > INSERT and UPDATE RETURNING cases. This matches the permissions system,
> > where we require SELECT rights on the table for an INSERT RETURNING
> > query.
>
> What of DELETE RETURNING?
That was handled in 7d8db3e.
Per previous discussion, UPDATE and DELETE RETURNING apply SELECT
policies as security quals, meaning only the records visible through the
SELECT policy are eligible for consideration. INSERT+RETURNING has only
WithCheckOptions, no security quals, which is what makes it different
from the other cases. The INSERT+ON CONFLICT+RETURNING case had been
covered already and I had mistakenly thought it was also covering
INSERT+RETURNING. In fixing that, I realized that Peter makes a good
point that UPDATE+RETURNING should also have SELECT policies applied as
WithCheckOptions.
I'm about to push updated regression tests, as suggested by Andres.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2015-10-05 14:03:33 | Re: Freeze avoidance of very large table. |
| Previous Message | Tom Lane | 2015-10-05 13:51:31 | Re: [COMMITTERS] pgsql: Lower *_freeze_max_age minimum values. |