Re: RLS makes COPY TO process child tables

On Wed, 01 Feb 2023 11:47:23 -0500
Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Yugo NAGATA <nagata(at)sraoss(dot)co(dot)jp> writes:
> > Antonin Houska <ah(at)cybertec(dot)at> wrote:
> >> While working on [1] I noticed that if RLS gets enabled, the COPY TO command
> >> includes the contents of child table into the result, although the
> >> documentation says it should not:
>
> > I think this is a bug because the current behaviour is different from
> > the documentation.
>
> I agree, it shouldn't do that.
>
> > When RLS is enabled on a table in `COPY ... TO ...`, the query is converted
> > to `COPY (SELECT * FROM ...) TO ...` to allow the rewriter to add in RLS
> > clauses. This causes to dump the rows of child tables.
>
> Do we actually say that in so many words, either in the code or docs?
> If so, it ought to read `COPY (SELECT * FROM ONLY ...) TO ...`
> instead. (If we say that in the docs, then arguably the code *does*
> conform to the docs. But I don't see it in the COPY ref page at least.)

The documentation do not say that, but the current code actually do that.
Also, there is the following comment in BeginCopyTo().

* With row-level security and a user using "COPY relation TO", we
* have to convert the "COPY relation TO" to a query-based COPY (eg:
* "COPY (SELECT * FROM relation) TO"), to allow the rewriter to add
* in any RLS clauses.

Maybe, it is be better to change the description in the comment to
"COPY (SELECT * FROM ONLY relation) TO" when fixing the bug.

Regards,
Yugo Nagata

--
Yugo NAGATA <nagata(at)sraoss(dot)co(dot)jp>