| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | justin(dot)catterson(at)sofiebio(dot)com, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Date: | 2015-10-21 18:17:44 |
| Message-ID: | 22555.1445451464@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
Joe Conway <mail(at)joeconway(dot)com> writes:
> On 10/21/2015 09:42 AM, justin(dot)catterson(at)sofiebio(dot)com wrote:
>> Users with the CREATEUSER permission do not evaluate Row Level Security
>> functions. pg_user usebypassrls is set to false.
> Not a bug. See
> http://www.postgresql.org/docs/9.5/static/sql-createrole.html
> "CREATEUSER
> NOCREATEUSER
> These clauses are an obsolete, but still accepted, spelling of
> SUPERUSER and NOSUPERUSER. Note that they are not equivalent to
> CREATEROLE as one might naively expect!"
I wonder if it's time yet to remove those keywords. We've had the
SUPERUSER spelling since 8.1, and this report should remind us that
people get confused by the old spellings.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-10-21 18:26:19 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Previous Message | Joe Conway | 2015-10-21 18:05:13 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Nasby | 2015-10-21 18:24:45 | Re: Freeze avoidance of very large table. |
| Previous Message | Joe Conway | 2015-10-21 18:05:13 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |