Re: Re: COPY FROM with RLS

From: jian he <jian(dot)universality(at)gmail(dot)com>
To: Yilin Zhang <jiezhilove(at)126(dot)com>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Re: COPY FROM with RLS
Date: 2026-07-13 08:13:58
Message-ID: CACJufxHU3tetCM+Qymxpj7-OLP8b6x3HJAnARadSrEAt64MHkg@mail.gmail.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jun 30, 2026 at 9:20 AM Yilin Zhang <jiezhilove(at)126(dot)com> wrote:
>
> Hi, I found another issue with the v2 patch.
> When running COPY FROM against a partitioned table with RLS enabled, ExecSetupPartitionTupleRouting gets invoked twice,
> which creates two separate sets of PartitionTupleRouting structures.
> One of these sets never gets cleaned up, and PostgreSQL’s ResourceOwner mechanism catches this and emits the following warnings:
>
> WARNING: resource was not closed: relation "rls_part_1"
> WARNING: resource was not closed: relation "rls_part_2"
>
> Best regards,
> --
> Yilin Zhang
>

Hi.
While v2 has extensive failure test cases, it doesn't have a single
successful test case,
that's why this issue wasn't found.
The 2 issues you reported are fixed in the attached v3.

Also, previously in v2:
+COPY r1 FROM STDIN WITH (DELIMITER ','); -- fail
+ERROR: new row violates row-level security policy "p2" for table "r1"
+CONTEXT: COPY r1, line 1: "4"

it's better to remove the CONTEXT line.
because ExecWithCheckOptions has comments like:
/*
* For WITH CHECK OPTIONs coming from views, we might be
* able to provide the details on the row, depending on
* the permissions on the relation (that is, if the user
* could view it directly anyway). For RLS violations, we
* don't include the data since we don't know if the user
* should be able to view the tuple as that depends on the
* USING policy.
*/

--
jian
https://www.enterprisedb.com/

Attachment Content-Type Size
v3-0001-COPY-FROM-with-RLS.patch text/x-patch 33.2 KB

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Rui Zhao 2026-07-13 09:08:30 Re: allow spread checkpoints when changing checksums online
Previous Message Laurenz Albe 2026-07-13 07:49:09 Re: equalPolicy() doesn't compare the permissive flag