| From: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Craig Ringer <craig(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Row security violation error is misleading |
| Date: | 2015-04-22 14:09:04 |
| Message-ID: | CAEZATCU+4a7Xp6VY7ENm+iNQT92OHF71udAs=RahwMmrWm3x0g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 21 April 2015 at 22:21, Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> wrote:
> On 21 April 2015 at 20:50, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> Thanks a lot for this. Please take a look at the attached.
>
> I've given this a quick read-through, and it looks good to me. The
> interaction of permissive and restrictive policies from hooks matches
> my expections, and it's a definite improvement having tests for RLS
> hooks.
>
> The only thing I spotted was that the file comment for
> test_rls_hooks.c needs updating.
>
So re-reading this, I spotted what looks like another (pre-existing)
bug. In process_policies() there's a loop over all the policies,
collecting quals and with_check_quals, then a test at the end to use
the USING quals for the WITH CHECK quals if there were no
with_check_quals. I think we want to instead do that test inside the
loop -- i.e., for each policy, if there is no with_check_qual *for
that policy*, use it's USING qual instead.
Regards,
Dean
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Payal Singh | 2015-04-22 14:09:24 | Re: Idea: closing the loop for "pg_ctl reload" |
| Previous Message | Abhijit Menon-Sen | 2015-04-22 13:03:33 | Re: a fast bloat measurement tool (was Re: Measuring relation free space) |