On 12/17/2016 01:01 PM, Simon Charette wrote:
> Thanks a lot Joe, that seems to work!
Good to hear.
> I suppose this works because PostgreSQL cannot introspect the
> get_owner_id procedure to detect it's querying the "accounts" table
> and thus doesn't warn about possible infinite recursion?
Not exactly. RLS does not get applied to the superuser, and the
get_owner_id procedure was 1) SECURITY DEFINER, and 2) created/owned by
postgres. Thus the procedure executes without invoking the RLS policy
and avoids the infinite recursion.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development