Home > mailing lists

Re: RLS fails to work with UPDATE ... WHERE CURRENT OF - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: RLS fails to work with UPDATE ... WHERE CURRENT OF
Date	July 14, 2015 15:59:48
Msg-id	CA+TgmoZsCux4Kbj3+r11Tn5bfV_AqVLndpw0NRUipWO=ORZgrQ@mail.gmail.com Whole thread Raw
In response to	Re: RLS fails to work with UPDATE ... WHERE CURRENT OF (Joe Conway <mail@joeconway.com>)
Responses	Re: RLS fails to work with UPDATE ... WHERE CURRENT OF
List	pgsql-hackers

Tree view

On Thu, Jul 9, 2015 at 5:47 PM, Joe Conway <mail@joeconway.com> wrote:
> On 06/08/2015 02:08 AM, Dean Rasheed wrote:
>> Actually I think it is fixable just by allowing the CURRENT OF
>> expression to be pushed down into the subquery through the
>> security barrier view. The planner is then guaranteed to generate a
>> TID scan, filtering by any other RLS quals, which ought to be the
>> optimal plan. Patch attached.
>
> This looks good to me. I have tested and don't find any issues with
> it. Will commit in a day or so unless someone has objections.

Is this fix needed in all versions that support security barrier
views, or just in 9.5 and 9.6 that have RLS specifically?

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Robert Haas
Date: 14 July 2015, 15:58:01
Subject: Re: security labels on databases are bad for dump & restore

From: Robert Haas
Date: 14 July 2015, 16:02:06
Subject: Re: Improving log capture of TAP tests with IPC::Run

Re: RLS fails to work with UPDATE ... WHERE CURRENT OF - Mailing list pgsql-hackers

Previous

Next