BUG #13694: Row Level Security by-passed with CREATEUSER permission - Mailing list pgsql-bugs

From justin.catterson@sofiebio.com
Subject BUG #13694: Row Level Security by-passed with CREATEUSER permission
Date
Msg-id 20151021164233.3017.94954@wrigleys.postgresql.org
Responses Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission  (Joe Conway <mail@joeconway.com>)
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      13694
Logged by:          Justin Catterson
Email address:      justin.catterson@sofiebio.com
PostgreSQL version: 9.5beta1
Operating system:   Ubuntu 14.10 x64
Description:

Users with the CREATEUSER permission do not evaluate Row Level Security
functions.  pg_user usebypassrls is set to false.

To repeat:
  CREATE POLICY ... WITH CHECK ((Select myFunction()))
  CREATE USER my_user;
  ALTER USER my_user WITH CREATEUSER;

Have myFunction() return a result of False;
   Update a record belonging to policy.

   Record will successfully update, when it should fail.

ALTER USER my_user WITH NOCREATEUSER;
   Update a record belonging to policy.
   Record will fail as expected.
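
A self-contained version of the steps above, added here as an editor's example and not part of the original report; the table, policy and function are constructed, and it assumes a superuser session in a scratch PostgreSQL 9.5 database. The 9.5 documentation for CREATE ROLE describes CREATEUSER as an obsolete spelling of SUPERUSER, and superusers are never subject to row security, so the script inspects rolsuper next to rolbypassrls.

```sql
-- Added example. accounts, accounts_policy and my_function are constructed
-- names; run in a scratch database on PostgreSQL 9.5 as a superuser.
CREATE TABLE accounts (id int PRIMARY KEY, owner text, balance int);
INSERT INTO accounts VALUES (1, 'my_user', 100);

-- Stand-in for the reporter's myFunction(): always rejects the new row.
CREATE FUNCTION my_function() RETURNS boolean
    LANGUAGE sql STABLE AS 'SELECT false';

ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
CREATE POLICY accounts_policy ON accounts
    USING (true)                          -- every row is visible
    WITH CHECK ((SELECT my_function()));  -- no written row passes the check

CREATE USER my_user;
GRANT SELECT, UPDATE ON accounts TO my_user;

-- Case 1: ordinary role, the policy applies to this UPDATE.
SET ROLE my_user;
UPDATE accounts SET balance = 0 WHERE id = 1;
RESET ROLE;

-- Case 2: same role after the ALTER from the report (9.5 syntax).
ALTER USER my_user WITH CREATEUSER;

-- What the attribute actually set: compare rolsuper, rolcreaterole and
-- rolbypassrls. pg_user.usebypassrls alone does not show superuser status.
SELECT rolname, rolsuper, rolcreaterole, rolbypassrls
FROM pg_roles
WHERE rolname = 'my_user';

SET ROLE my_user;
UPDATE accounts SET balance = 0 WHERE id = 1;
RESET ROLE;

-- Audit: every role that is exempt from row security on all tables.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolsuper OR rolbypassrls
ORDER BY rolname;

-- Cleanup of the constructed objects.
ALTER USER my_user WITH NOCREATEUSER;
DROP TABLE accounts;
DROP FUNCTION my_function();
DROP USER my_user;
```

Run it with psql without ON_ERROR_STOP so the script continues past an UPDATE that the policy rejects.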
