Thread: pgsql: Make BYPASSRLS behave like superuser RLS bypass.

pgsql: Make BYPASSRLS behave like superuser RLS bypass.

From

Noah Misch

Date:

04 October 2015, 03:25:01

Make BYPASSRLS behave like superuser RLS bypass.

Specifically, make its effect independent from the row_security GUC, and
make it affect permission checks pertinent to views the BYPASSRLS role
owns.  The row_security GUC thereby ceases to change successful-query
behavior; it can only make a query fail with an error.  Back-patch to
9.5, where BYPASSRLS was introduced.

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/01ba7894f3f72ea57d1cfdc4f40f6231bc6cd9cd

Modified Files
--------------
doc/src/sgml/catalogs.sgml                |    6 ++---
doc/src/sgml/config.sgml                  |   25 +++++++-----------
doc/src/sgml/ddl.sgml                     |   19 +++++---------
doc/src/sgml/ref/create_role.sgml         |    9 +++----
src/backend/utils/misc/rls.c              |   39 +++++++++--------------------
src/include/catalog/pg_authid.h           |    2 +-
src/test/regress/expected/rowsecurity.out |   14 ++++++-----
src/test/regress/sql/rowsecurity.sql      |    6 ++---
8 files changed, 44 insertions(+), 76 deletions(-)