| From: | Rod Taylor <rod(dot)taylor(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | RLS in CTE incorrect permission failure |
| Date: | 2017-06-21 23:39:20 |
| Message-ID: | CAHz80e6vjn3WdbK35u8Txk6=TyrcvPwU2gQeoc7jwLWvazVEjQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
In the attached script, the second insert into t2 (as part of the CTE)
should succeed. My actual use case isn't much more complex; the function is
used primarily to allow peaking at columns that the function definer has
access to but a typical user does not. Function also makes it easy to copy
this policy to a number of structures.
The function within the policy doesn't seem to be able to see records
inserted by earlier statements in the CTE. Perhaps this is as simple as
adding a command counter increment in the right place?
Fails in 9.5.7 and HEAD.
--
Rod Taylor
| Attachment | Content-Type | Size |
|---|---|---|
| cte_rls_fail.sql | application/sql | 1.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2017-06-21 23:40:48 | Re: PATCH: Batch/pipelining support for libpq |
| Previous Message | Tom Lane | 2017-06-21 23:02:03 | PG 10beta2 schedule |