Re: RLS makes COPY TO process child tables

Greetings,

* Yugo NAGATA (nagata(at)sraoss(dot)co(dot)jp) wrote:
> On Wed, 01 Feb 2023 11:47:23 -0500
> Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> > Yugo NAGATA <nagata(at)sraoss(dot)co(dot)jp> writes:
> > > Antonin Houska <ah(at)cybertec(dot)at> wrote:
> > >> While working on [1] I noticed that if RLS gets enabled, the COPY TO command
> > >> includes the contents of child table into the result, although the
> > >> documentation says it should not:
> >
> > > I think this is a bug because the current behaviour is different from
> > > the documentation.
> >
> > I agree, it shouldn't do that.

Yeah, I agree based on what the COPY table TO docs say should be
happening.

> > > When RLS is enabled on a table in `COPY ... TO ...`, the query is converted
> > > to `COPY (SELECT * FROM ...) TO ...` to allow the rewriter to add in RLS
> > > clauses. This causes to dump the rows of child tables.
> >
> > Do we actually say that in so many words, either in the code or docs?
> > If so, it ought to read `COPY (SELECT * FROM ONLY ...) TO ...`
> > instead. (If we say that in the docs, then arguably the code *does*
> > conform to the docs. But I don't see it in the COPY ref page at least.)
>
> The documentation do not say that, but the current code actually do that.
> Also, there is the following comment in BeginCopyTo().
>
> * With row-level security and a user using "COPY relation TO", we
> * have to convert the "COPY relation TO" to a query-based COPY (eg:
> * "COPY (SELECT * FROM relation) TO"), to allow the rewriter to add
> * in any RLS clauses.
>
> Maybe, it is be better to change the description in the comment to
> "COPY (SELECT * FROM ONLY relation) TO" when fixing the bug.

Yeah, that should also be updated. Perhaps you'd send an updated patch
which includes fixing that too and maybe adds clarifying documentation
to COPY which mentions what happens when RLS is enabled on the relation?

I'm not sure if this makes good sense to back-patch.

Thanks,

Stephen