Thread: pgsql: ALTER TABLE .. FORCE ROW LEVEL SECURITY

From: Stephen Frost

ALTER TABLE .. FORCE ROW LEVEL SECURITY

To allow users to force RLS to always be applied, even for table owners,
add ALTER TABLE .. FORCE ROW LEVEL SECURITY.

row_security=off overrides FORCE ROW LEVEL SECURITY, to ensure pg_dump
output is complete (by default).

Also add SECURITY_NOFORCE_RLS context to avoid data corruption when
ALTER TABLE .. FORCE ROW SECURITY is being used. The
SECURITY_NOFORCE_RLS security context is used only during referential
integrity checks and is only considered in check_enable_rls() after we
have already checked that the current user is the owner of the relation
(which should always be the case during referential integrity checks).

Back-patch to 9.5 where RLS was added.

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/90f334d2ca1a8bae2d0cd8a0898fb8ef90257565

Modified Files
--------------
doc/src/sgml/catalogs.sgml                         |   10 ++
doc/src/sgml/ref/alter_table.sgml                  |   17 +++
src/backend/catalog/heap.c                         |    1 +
src/backend/commands/tablecmds.c                   |   40 +++++
src/backend/parser/gram.y                          |   14 ++
src/backend/utils/adt/ri_triggers.c                |    6 +-
src/backend/utils/init/miscinit.c                  |   18 ++-
src/backend/utils/misc/rls.c                       |   44 +++++-
src/bin/pg_dump/pg_dump.c                          |   20 ++-
src/bin/pg_dump/pg_dump.h                          |    1 +
src/bin/psql/describe.c                            |   44 +++---
src/include/catalog/catversion.h                   |    2 +-
src/include/catalog/pg_class.h                     |   72 ++++-----
src/include/miscadmin.h                            |    2 +
src/include/nodes/parsenodes.h                     |    2 +
.../modules/test_ddl_deparse/test_ddl_deparse.c    |    6 +
src/test/regress/expected/rowsecurity.out          |  156 ++++++++++++++++++++
src/test/regress/output/misc.source                |    3 +-
src/test/regress/sql/rowsecurity.sql               |  143 ++++++++++++++++++
19 files changed, 537 insertions(+), 64 deletions(-)
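
The behaviour the commit message describes, as an added example that is not part of the commit or its regression tests. The table, column and policy names are hypothetical, and the script assumes it is run by a non-superuser role without BYPASSRLS that owns both tables (superusers always bypass row security).

```sql
-- Constructed demo schema; every table, column and policy name here is
-- hypothetical. Run as a non-superuser, non-BYPASSRLS role that owns both tables.
CREATE TABLE accounts (id int PRIMARY KEY, tenant text NOT NULL);
CREATE TABLE invoices (id int PRIMARY KEY,
                       account_id int REFERENCES accounts);
INSERT INTO accounts VALUES (1, 'acme'), (2, 'globex');
INSERT INTO invoices VALUES (100, 1), (200, 2);

-- A policy that matches only one tenant's rows.
CREATE POLICY tenant_only ON accounts USING (tenant = 'acme');
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;

-- ENABLE alone: the table owner is exempt, so the policy does not
-- filter this query.
SELECT id, tenant FROM accounts ORDER BY id;

-- FORCE: the policy now applies to the owner as well, so the same
-- query is filtered by tenant_only.
ALTER TABLE accounts FORCE ROW LEVEL SECURITY;
SELECT id, tenant FROM accounts ORDER BY id;

-- Audit query: tables where RLS is enabled but the owner is still exempt.
-- pg_class.relforcerowsecurity is the catalog flag set by FORCE.
SELECT c.oid::regclass AS table_name,
       c.relrowsecurity,
       c.relforcerowsecurity
FROM pg_class c
WHERE c.relrowsecurity
  AND NOT c.relforcerowsecurity;

-- Referential integrity checks are not subject to FORCE: account 2 is
-- hidden from the owner by the policy, but the foreign-key check on this
-- insert still finds it, so the constraint keeps working on the real data.
INSERT INTO invoices VALUES (201, 2);

-- Return the table to the default owner exemption.
ALTER TABLE accounts NO FORCE ROW LEVEL SECURITY;
```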