David, Bruce,
* David G. Johnston (david.g.johnston@gmail.com) wrote:
> The CREATE VIEW documentation links to
>
> https://www.postgresql.org/docs/9.6/static/rules-privileges.html
>
> which covers this dynamic in considerable detail (and there is a blurb on
> the CREATE VIEW page as well), and specifically:
>
> "Relations that are used due to rules get checked against the privileges of
> the rule owner, not the user invoking the rule."
>
> It does feel like an additional blurb about views and a link to the above
> page would be warranted on the ddl-rowsecurity.html page.
I tend to agree, almost always, that additional documentation is a
benefit. The only drawback to it is that, sometimes, we end up saying
the same thing too much and that leads to readers skipping past
important sections.
I do think we need to provide more documentation around how views and
our privilege system work as I find that the question comes up somewhat
regularly. Note that this isn't RLS specific, but applies to both the
GRANT system and RLS- views are executed as the user of the view and not
with the privileges of the view user.
I can certainly try to help with crafting additional documentation
around this once I'm back from PostgresOpen in San Francisco next week.
Thanks!
Stephen