| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>, Peter Geoghegan <pg(at)heroku(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: RLS fails to work with UPDATE ... WHERE CURRENT OF |
| Date: | 2015-07-14 12:59:42 |
| Message-ID: | CA+TgmoZsCux4Kbj3+r11Tn5bfV_AqVLndpw0NRUipWO=ORZgrQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jul 9, 2015 at 5:47 PM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 06/08/2015 02:08 AM, Dean Rasheed wrote:
>> Actually I think it is fixable just by allowing the CURRENT OF
>> expression to be pushed down into the subquery through the
>> security barrier view. The planner is then guaranteed to generate a
>> TID scan, filtering by any other RLS quals, which ought to be the
>> optimal plan. Patch attached.
>
> This looks good to me. I have tested and don't find any issues with
> it. Will commit in a day or so unless someone has objections.
Is this fix needed in all versions that support security barrier
views, or just in 9.5 and 9.6 that have RLS specifically?
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-07-14 13:01:54 | Re: Improving log capture of TAP tests with IPC::Run |
| Previous Message | Robert Haas | 2015-07-14 12:57:55 | Re: security labels on databases are bad for dump & restore |