Re: more RLS oversights

On Tue, Jul 28, 2015 at 04:04:29PM -0700, Joe Conway wrote:
> On 07/27/2015 05:34 PM, Joe Conway wrote:
> > On 07/27/2015 01:13 PM, Alvaro Herrera wrote:
> >> Hmm, these are not ACL objects, so conceptually it seems cleaner
> >> to use a different symbol for this. I think the catalog state
> >> and the error messages would be a bit confusing otherwise.
> >
> > Ok -- done

> Pushed to HEAD and 9.5

I reviewed this commit, f781a0f "Create a pg_shdepend entry for each role in
TO clause of policies." This commit rendered the
http://www.postgresql.org/docs/devel/static/role-removal.html procedure[1]
incomplete. Before dropping a role, one must additionally drop each policy
mentioning the role in pg_policy.polroles:

begin;
create role alice;
create table t (c int);
grant select on table t to alice;
create policy p0 on t to alice using (true);
reassign owned by alice to current_user;
drop owned by alice;
drop role alice;
rollback;

shdepDropOwned() ignores SHARED_DEPENDENCY_POLICY entries. Should it instead
remove the role from polroles, dropping the policy if that would empty
polroles? (Which should change, the documented role-removal procedure or the
DROP OWNED treatment of policies?) Independently,
http://www.postgresql.org/docs/devel/static/sql-drop-owned.html deserves an
update since it discusses every other object type having role dependencies.

Thanks,
nm

[1] That page did not exist until 2015-10-07 (commit 1ea0c73), after the
commit I'm reviewing here.