Greetings,
* Dean Rasheed (dean.a.rasheed@gmail.com) wrote:
> On Thu, 21 Mar 2019 at 00:39, PG Bug reporting form
> <noreply@postgresql.org> wrote:
> >
> > This fails, seemingly because the RLS on 'bar' is being checked by alice,
> > instead of the view owner bob:
>
> Yes I agree, that appears to be a bug. The subquery in the RLS policy
> should be checked as the view owner -- i.e., we need to propagate the
> checkAsUser for the RTE with RLS to any subqueries in its RLS
> policies.
Agreed.
> It looks like the best place to fix it is in
> get_policies_for_relation(), since that's where all the policies to be
> applied for a given RTE are pulled together. Patch attached.
Yes, on a quick review, that looks like a good solution to me as well.
Thanks!
Stephen