| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Rod Taylor <rod(dot)taylor(at)gmail(dot)com> |
| Cc: | Joe Conway <mail(at)joeconway(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Row Level Security UPDATE Confusion |
| Date: | 2017-04-14 11:51:01 |
| Message-ID: | 20170414115101.GX9812@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Rod,
* Rod Taylor (rod(dot)taylor(at)gmail(dot)com) wrote:
> Then there is a bug in the simpler statement which happily lets you give
> away records.
>
> CREATE POLICY simple_all ON t TO simple USING (value > 0) WITH CHECK (true);
>
> SET session authorization simple;
> SELECT * FROM t;
> UPDATE t SET value = value * -1 WHERE value = 1;
> -- No error and value is -1 at the end.
Hm, that does seem like it's not matching up with the intent, likely
because it's an 'ALL' policy instead of individual policies.
Out of curiosity, is there a particular use-case here that you're
working towards, or just testing it out to see how it works?
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Petr Jelinek | 2017-04-14 12:14:13 | Re: Interval for launching the table sync worker |
| Previous Message | Rod Taylor | 2017-04-14 11:41:13 | Re: Row Level Security UPDATE Confusion |