Re: BUG #15708: RLS 'using' running as wrong user when called from a view - Mailing list pgsql-bugs

From Dean Rasheed
Subject Re: BUG #15708: RLS 'using' running as wrong user when called from a view
Date
Msg-id CAEZATCV-UjLxmzk7sZhiu9fMnOoaQwZ2frtUrsu0gwg_VZ8JMg@mail.gmail.com
In response to BUG #15708: RLS 'using' running as wrong user when called from a view  (PG Bug reporting form <noreply@postgresql.org>)
Responses Re: BUG #15708: RLS 'using' running as wrong user when called from a view  (Stephen Frost <sfrost@snowman.net>)
Re: BUG #15708: RLS 'using' running as wrong user when called from a view  (Stephen Frost <sfrost@snowman.net>)
List pgsql-bugs
On Thu, 21 Mar 2019 at 00:39, PG Bug reporting form
<noreply@postgresql.org> wrote:
>
> This fails, seemingly because the RLS on 'bar' is being checked by alice,
> instead of the view owner bob:
>

Yes I agree, that appears to be a bug. The subquery in the RLS policy
should be checked as the view owner -- i.e., we need to propagate the
checkAsUser for the RTE with RLS to any subqueries in its RLS
policies.

It looks like the best place to fix it is in
get_policies_for_relation(), since that's where all the policies to be
applied for a given RTE are pulled together. Patch attached.

Regards,
Dean
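
A constructed regression check for the behaviour discussed in this message, added here as an example; it is not the reporter's original test case and not part of the attached patch. The names bar_acl, bar_view and bar_listed are assumptions, and the script expects a superuser session in a scratch database.

```sql
-- Constructed check; run as a superuser in a scratch database.
-- bar_acl, bar_view and the policy name bar_listed are hypothetical.
BEGIN;

CREATE ROLE alice;
CREATE ROLE bob;

CREATE TABLE bar (id int PRIMARY KEY, payload text);
CREATE TABLE bar_acl (bar_id int REFERENCES bar (id));

INSERT INTO bar VALUES (1, 'listed'), (2, 'unlisted');
INSERT INTO bar_acl VALUES (1);

-- The USING clause contains a subquery on a second table; this is the
-- part whose permission check must inherit the view owner's identity.
ALTER TABLE bar ENABLE ROW LEVEL SECURITY;
CREATE POLICY bar_listed ON bar FOR SELECT
    USING (EXISTS (SELECT 1 FROM bar_acl a WHERE a.bar_id = bar.id));

-- bob may read both tables; alice gets no privileges on them directly.
GRANT SELECT ON bar, bar_acl TO bob;

-- The view is owned by bob, so its base relation is checked as bob.
CREATE VIEW bar_view AS SELECT id, payload FROM bar;
ALTER VIEW bar_view OWNER TO bob;
GRANT SELECT ON bar_view TO alice;

SET LOCAL ROLE alice;
-- With the fix, the policy subquery on bar_acl is checked as bob and the
-- query succeeds, filtered by the policy. On an affected server it is
-- checked as alice and fails with a permission error on bar_acl.
SELECT * FROM bar_view;

RESET ROLE;
ROLLBACK;  -- discards the roles, tables and view created above
```

If the SELECT fails, the transaction is already aborted and RESET ROLE will report that; the final ROLLBACK still cleans everything up.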
