WITH CHECK and Column-Level Privileges

From Stephen Frost
Subject WITH CHECK and Column-Level Privileges
Date
Msg-id 20140926142015.GJ16422@tamriel.snowman.net
Responses Re: WITH CHECK and Column-Level Privileges  (Heikki Linnakangas <hlinnakangas@vmware.com>)
List pgsql-hackers
All,
 Through continued testing, we've discovered an issue in the WITH CHECK OPTION code when it comes to column-level
privileges which impacts 9.4.
 It's pretty straight-forward, thankfully, but:

postgres=# create view myview
postgres-# with (security_barrier = true,
postgres-# check_option = 'local')
postgres-# as select * from passwd where username = current_user;
CREATE VIEW
postgres=# grant select (username) on myview to public;
GRANT
postgres=# grant update on myview to public;
GRANT
postgres=# set role alice;
SET
postgres=> update myview set username = 'joe';
ERROR:  new row violates WITH CHECK OPTION for "myview"
DETAIL:  Failing row contains (joe, abc).
 Note that the entire failing tuple is returned, including the 'password' column, even though the 'alice' user does not
have select rights on that column.
 The detail information is useful for debugging, but I believe we have to remove it from the error message.
 Barring objections, and in the hopes of getting the next beta out the door soon, I'll move forward with this change
and back-patch it to 9.4 after a few hours (or I can do it tomorrow if there is contention; I don't know what, if any,
specific plans there are for the next beta, just that it's hopefully 'soon').  To hopefully shorten the discussion about
9.4, I'll clarify that I'm happy to discuss trying to re-work this in 9.5 to include what columns the user should be
able to see (if there is consensus that we should do that at all) but I don't see that as a change which should be
back-patched to 9.4 at this point given that we're trying to get it out the door.
     Thanks!
    Stephen
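
An audit query for the condition described in this message, as an added example that is not part of the original post or of PostgreSQL's own code: it lists views that carry a check_option where a role can INSERT or UPDATE through the view but lacks SELECT on at least one column, which is the combination in which the error detail shows values the role cannot read. It assumes it is run in the database being audited by a role that can read the system catalogs; the output column aliases are chosen here.

```sql
-- Added example: report (view, role, column) combinations where a
-- WITH CHECK OPTION failure could describe a column the role cannot SELECT.
SELECT c.oid::regclass AS view_name,
       r.rolname       AS role_name,
       a.attname       AS column_without_select
FROM pg_class c
JOIN pg_attribute a
  ON a.attrelid = c.oid
 AND a.attnum > 0            -- user columns only, no system columns
 AND NOT a.attisdropped
CROSS JOIN pg_roles r
WHERE c.relkind = 'v'        -- plain views
  -- The view was created with check_option = 'local' or 'cascaded'
  -- (also set by WITH [LOCAL | CASCADED] CHECK OPTION).
  AND EXISTS (
        SELECT 1
        FROM unnest(c.reloptions) AS opt
        WHERE split_part(opt, '=', 1) = 'check_option'
      )
  -- The role can write through the view, at table or column level.
  -- Grants to PUBLIC and inherited role memberships are included.
  AND has_any_column_privilege(r.oid, c.oid, 'INSERT, UPDATE')
  -- ...but cannot read this particular column.
  AND NOT has_column_privilege(r.oid, c.oid, a.attnum, 'SELECT')
ORDER BY c.oid, r.rolname, a.attnum;
```

For the session shown in the message, the result includes the row (myview, alice, password).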
