Home > mailing lists

Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission
Date	October 21, 2015 21:18:01
Msg-id	22555.1445451464@sss.pgh.pa.us Whole thread Raw
In response to	Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission (Joe Conway <mail@joeconway.com>)
Responses	Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission (Stephen Frost <sfrost@snowman.net>) Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission (Andres Freund <andres@anarazel.de>) Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission (Justin Catterson <justin.catterson@sofiebio.com>)
List	pgsql-bugs

Tree view

Joe Conway <mail@joeconway.com> writes:
> On 10/21/2015 09:42 AM, justin.catterson@sofiebio.com wrote:
>> Users with the CREATEUSER permission do not evaluate Row Level Security
>> functions.  pg_user usebypassrls is set to false.

> Not a bug. See
>  http://www.postgresql.org/docs/9.5/static/sql-createrole.html

> "CREATEUSER
> NOCREATEUSER

>     These clauses are an obsolete, but still accepted, spelling of
> SUPERUSER and NOSUPERUSER. Note that they are not equivalent to
> CREATEROLE as one might naively expect!"

I wonder if it's time yet to remove those keywords.  We've had the
SUPERUSER spelling since 8.1, and this report should remind us that
people get confused by the old spellings.

            regards, tom lane

pgsql-bugs by date:

From: Joe Conway
Date: 21 October 2015, 21:05:18
Subject: Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission

From: Stephen Frost
Date: 21 October 2015, 21:26:23
Subject: Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission

Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission - Mailing list pgsql-bugs

Previous

Next