Robert Haas <robertmhaas@gmail.com> writes:
> The documentation lists several documented limitations that I would
> like to analyze a little bit. First, it says that row-level security
> policies are not applied on UPDATE or DELETE. That sounds downright
> dangerous to me. Is there some really compelling reason we're not
> doing it?
[ blink... ] Isn't that a security hole big enough for a Mack truck?
UPDATE tab SET foo = foo RETURNING *;
sucks out all the data just fine, if RLS doesn't apply to it.
Having said that, I fear that sensible row-level security for updates is
at least one order of magnitude harder than sensible row-level security
for selects. We've speculated about how to define that in the past,
IIRC, but without any very satisfactory outcome.
regards, tom lane