Home > mailing lists

Re: "plan should not reference subplan's variable" when using row level security - Mailing list pgsql-general

From	Stephen Frost
Subject	Re: "plan should not reference subplan's variable" when using row level security
Date	February 24, 2016 23:29:59
Msg-id	20160224202954.GJ3127@tamriel.snowman.net Whole thread Raw
In response to	Re: "plan should not reference subplan's variable" when using row level security (Adrian Klaver <adrian.klaver@aklaver.com>)
List	pgsql-general

Tree view

Adrian,

* Adrian Klaver (adrian.klaver@aklaver.com) wrote:
> I started to work through this when I realized the
> permissions/attributes of the role test are not shown. This seems to
> be important as the UPDATE example works if you run it immediately
> after:
>
> INSERT INTO b (id, a_id, text) VALUES (1, 1, 'one');

Not sure what you mean- the necessary permissions for the test role are
just the 'GRANT ALL ON ALL TABLES' which is included.

If you run the UPDATE immediately after the INSERT, then it's before
that GRANT and, more importantly, before the 'SET ROLE', meaning that
you're running it as the table owner, and the policy is ignored
(policies are not applied to the owner of the table, unless FORCE RLS is
used).

Thanks!

Stephen

Attachment

signature.asc

pgsql-general by date:

From: Stephen Frost
Date: 24 February 2016, 23:28:00
Subject: Re: "plan should not reference subplan's variable" when using row level security

From: Adam Guthrie
Date: 24 February 2016, 23:35:09
Subject: Re: "plan should not reference subplan's variable" when using row level security

Re: "plan should not reference subplan's variable" when using row level security - Mailing list pgsql-general

Attachment

Previous

Next