Ahh makes sense, thanks for the explanation!
I was assuming USING() clauses were executed in the context of the
owner of the policy, by passing RLS.
2016-12-17 13:18 GMT-05:00 Joe Conway <mail@joeconway.com>:
> On 12/17/2016 01:01 PM, Simon Charette wrote:
>> Thanks a lot Joe, that seems to work!
>
> Good to hear.
>
>> I suppose this works because PostgreSQL cannot introspect the
>> get_owner_id procedure to detect it's querying the "accounts" table
>> and thus doesn't warn about possible infinite recursion?
>
> Not exactly. RLS does not get applied to the superuser, and the
> get_owner_id procedure was 1) SECURITY DEFINER, and 2) created/owned by
> postgres. Thus the procedure executes without invoking the RLS policy
> and avoids the infinite recursion.
>
> Joe
>
> --
> Crunchy Data - http://crunchydata.com
> PostgreSQL Support for Secure Enterprises
> Consulting, Training, & Open Source Development
>
