Home > mailing lists

[DOCS] Row Level Security Policies documentation doesn't mention lack ofsupport for views - Mailing list pgsql-docs

From	deinspanjer@gmail.com
Subject	[DOCS] Row Level Security Policies documentation doesn't mention lack ofsupport for views
Date	June 29, 2017 20:25:11
Msg-id	20170629142511.1481.84436@wrigleys.postgresql.org Whole thread Raw
Responses	Re: [DOCS] Row Level Security Policies documentation doesn't mentionlack of support for views
List	pgsql-docs

Tree view

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/9.6/static/ddl-rowsecurity.html
Description:

The policy documentation page is great, and the example in it is very
informative, but I just discovered a major flaw in our implementation of it
that I would like to see mentioned in the documentation.

If you create a view on a table, any queries against the view are in the
context of the view creator rather than the actual current user.

So, in the example on the page, if the admin creates a view of the passwd
table and grants access to this view, alice would no longer be subject to
any of the RLS policies as long as she used the view instead of the real
table.

pgsql-docs by date:

From: mudit0201@gmail.com
Date: 29 June 2017, 18:23:30
Subject: [DOCS] Password encryption

From: Michael Paquier
Date: 30 June 2017, 04:38:24
Subject: Re: [DOCS] Password encryption

[DOCS] Row Level Security Policies documentation doesn't mention lack ofsupport for views - Mailing list pgsql-docs

Previous

Next