| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Make BYPASSRLS behave like superuser RLS bypass. |
| Date: | 2015-10-04 00:24:54 |
| Message-ID: | E1ZiX6k-0003XG-QC@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Make BYPASSRLS behave like superuser RLS bypass.
Specifically, make its effect independent from the row_security GUC, and
make it affect permission checks pertinent to views the BYPASSRLS role
owns. The row_security GUC thereby ceases to change successful-query
behavior; it can only make a query fail with an error. Back-patch to
9.5, where BYPASSRLS was introduced.
Branch
------
REL9_5_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/01ba7894f3f72ea57d1cfdc4f40f6231bc6cd9cd
Modified Files
--------------
doc/src/sgml/catalogs.sgml | 6 ++---
doc/src/sgml/config.sgml | 25 +++++++-----------
doc/src/sgml/ddl.sgml | 19 +++++---------
doc/src/sgml/ref/create_role.sgml | 9 +++----
src/backend/utils/misc/rls.c | 39 +++++++++--------------------
src/include/catalog/pg_authid.h | 2 +-
src/test/regress/expected/rowsecurity.out | 14 ++++++-----
src/test/regress/sql/rowsecurity.sql | 6 ++---
8 files changed, 44 insertions(+), 76 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-10-04 01:22:07 | pgsql: First-draft release notes for 9.4.5, 9.3.10, 9.2.14, 9.1.19, 9.0 |
| Previous Message | Andres Freund | 2015-10-03 19:32:10 | pgsql: Add missed CREATE EXTENSION ... CASCADE regression test adjustme |