From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | deinspanjer(at)gmail(dot)com |
Cc: | pgsql-docs(at)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net> |
Subject: | Re: Row Level Security Policies documentation doesn't mention lack of support for views |
Date: | 2017-08-31 00:09:10 |
Message-ID: | 20170831000910.GA28535@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs |
Stephen, is there anything missing in our docs related this issue?
---------------------------------------------------------------------------
On Thu, Jun 29, 2017 at 02:25:11PM +0000, deinspanjer(at)gmail(dot)com wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/9.6/static/ddl-rowsecurity.html
> Description:
>
> The policy documentation page is great, and the example in it is very
> informative, but I just discovered a major flaw in our implementation of it
> that I would like to see mentioned in the documentation.
>
> If you create a view on a table, any queries against the view are in the
> context of the view creator rather than the actual current user.
>
> So, in the example on the page, if the admin creates a view of the passwd
> table and grants access to this view, alice would no longer be subject to
> any of the RLS policies as long as she used the view instead of the real
> table.
>
> --
> Sent via pgsql-docs mailing list (pgsql-docs(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-docs
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2017-08-31 00:26:03 | Re: Row Level Security Policies documentation doesn't mention lack of support for views |
Previous Message | Dave Cramer | 2017-08-30 18:53:10 | Re: Details of how temp_buffers are actually used would be nice |