Re: more RLS oversights

Noah,

* Noah Misch (noah(at)leadboat(dot)com) wrote:
> On Tue, Jul 28, 2015 at 04:04:29PM -0700, Joe Conway wrote:
> > Pushed to HEAD and 9.5
>
> I reviewed this commit, f781a0f "Create a pg_shdepend entry for each role in
> TO clause of policies."

Thanks for the review!

> This commit rendered the
> http://www.postgresql.org/docs/devel/static/role-removal.html procedure[1]
> incomplete. Before dropping a role, one must additionally drop each policy
> mentioning the role in pg_policy.polroles:
>
> begin;
> create role alice;
> create table t (c int);
> grant select on table t to alice;
> create policy p0 on t to alice using (true);
> reassign owned by alice to current_user;
> drop owned by alice;
> drop role alice;
> rollback;
>
> shdepDropOwned() ignores SHARED_DEPENDENCY_POLICY entries. Should it instead
> remove the role from polroles, dropping the policy if that would empty
> polroles? (Which should change, the documented role-removal procedure or the
> DROP OWNED treatment of policies?)

I would expect the DROP OWNED treatment of policies to be similar to the
DROP OWNED treatment of GRANTs. I'm certainly of the opinion that this
is a bug which should be addressed. As an FYI, Joe's laptop recently
got stolen and he's working to get back up to speed as quickly as he
can. I've just put his new key into place on gitmaster (along with a
few other pginfra-related bits), but there's obviously a lot more for
him to be completely up and working again.

> Independently,
> http://www.postgresql.org/docs/devel/static/sql-drop-owned.html deserves an
> update since it discusses every other object type having role dependencies.

Agreed.

Thanks!

Stephen