Home > mailing lists

Re: Bug: RLS policy FOR SELECT is used to check new rows - Mailing list pgsql-hackers

From	Dean Rasheed
Subject	Re: Bug: RLS policy FOR SELECT is used to check new rows
Date	November 9, 2023 18:59:20
Msg-id	CAEZATCVthTfNb8EaLiE=bJkn1yGiNx0m_ntLd2P39BHWD0UP3g@mail.gmail.com Whole thread Raw
In response to	Re: Bug: RLS policy FOR SELECT is used to check new rows (Laurenz Albe <laurenz.albe@cybertec.at>)
Responses	Re: Bug: RLS policy FOR SELECT is used to check new rows
List	pgsql-hackers

Tree view

On Thu, 9 Nov 2023 at 15:16, Laurenz Albe <laurenz.albe@cybertec.at> wrote:
>
> I have thought some more about this, and I believe that if FOR SELECT
> policies are used to check new rows, you should be allowed to specify
> WITH CHECK on FOR SELECT policies.  Why not allow a user to specify
> different conditions for fetching from a table and for new rows after
> an UPDATE?
>
> The attached patch does that.  What so you think?
>

So you'd be able to write policies that allowed you to do an
INSERT/UPDATE ... RETURNING, where the WITH CHECK part of the SELECT
policy allowed you see the new row, but then if you tried to SELECT it
later, the USING part of the policy might say no.

That seems pretty confusing. I would expect a row to either be visible
or not, consistently across all commands.

Regards,
Dean

pgsql-hackers by date:

From: "Drouvot, Bertrand"
Date: 09 November 2023, 18:45:57
Subject: Re: Synchronizing slots from primary to standby

From: Robert Haas
Date: 09 November 2023, 19:08:51
Subject: Re: SLRU optimization - configurable buffer pool and partitioning the SLRU lock

Re: Bug: RLS policy FOR SELECT is used to check new rows - Mailing list pgsql-hackers

Previous

Next