Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission - Mailing list pgsql-bugs

From Joe Conway
Subject Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission
Date
Msg-id 5627D3D9.8080409@joeconway.com
In response to BUG #13694: Row Level Security by-passed with CREATEUSER permission  (justin.catterson@sofiebio.com)
Responses Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
On 10/21/2015 09:42 AM, justin.catterson@sofiebio.com wrote:
> The following bug has been logged on the website:
>
> Bug reference:      13694
> Logged by:          Justin Catterson
> Email address:      justin.catterson@sofiebio.com
> PostgreSQL version: 9.5beta1
> Operating system:   Ubuntu 14.10 x64
> Description:
>
> Users with the CREATEUSER permission do not evaluate Row Level Security
> functions.  pg_user usebypassrls is set to false.

Not a bug. See
 http://www.postgresql.org/docs/9.5/static/sql-createrole.html

"CREATEUSER
NOCREATEUSER

    These clauses are an obsolete, but still accepted, spelling of
SUPERUSER and NOSUPERUSER. Note that they are not equivalent to
CREATEROLE as one might naively expect!"

And:
 http://www.postgresql.org/docs/9.5/static/ddl-rowsecurity.html

"Table owners, superusers, and roles with the BYPASSRLS attribute bypass
the row security system when querying a table."

HTH,

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
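
The two documentation passages quoted in the reply can be checked directly against the catalogs. The following is an added example, not part of the original message: it assumes a PostgreSQL 9.5 release server and a superuser session, and the role name `rls_demo` is constructed for illustration.

```sql
-- Added example; rls_demo is a constructed role name.
-- Runs inside a transaction that is rolled back, so nothing persists.
BEGIN;

-- In 9.5, CREATEUSER is the obsolete spelling of SUPERUSER.
CREATE ROLE rls_demo NOLOGIN CREATEUSER;

-- usebypassrls / rolbypassrls stays false for such a role; rolsuper is the
-- attribute that makes row security policies not apply.
SELECT rolname, rolsuper, rolcreaterole, rolbypassrls
FROM pg_roles
WHERE rolname = 'rls_demo';

-- If the intent was "may create other roles", grant CREATEROLE instead.
ALTER ROLE rls_demo NOSUPERUSER CREATEROLE;

-- Audit: for every table with row security enabled, list each role that
-- bypasses its policies and why (superuser, BYPASSRLS, or table owner
-- when FORCE ROW LEVEL SECURITY is not set on the table).
SELECT c.oid::regclass AS table_name,
       r.rolname,
       CASE WHEN r.rolsuper     THEN 'superuser'
            WHEN r.rolbypassrls THEN 'BYPASSRLS'
            ELSE 'table owner'
       END AS bypass_reason
FROM pg_class c
JOIN pg_roles r
  ON r.rolsuper
  OR r.rolbypassrls
  OR (r.oid = c.relowner AND NOT c.relforcerowsecurity)
WHERE c.relrowsecurity
  AND c.relkind = 'r'
ORDER BY table_name, r.rolname;

ROLLBACK;
```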
