Re: BUG #15708: RLS 'using' running as wrong user when called from a view

Поиск

Список

Период

Сортировка

От	Dean Rasheed
Тема	Re: BUG #15708: RLS 'using' running as wrong user when called from a view
Дата	24 марта 2019 г. 14:19:52
Msg-id	CAEZATCV-UjLxmzk7sZhiu9fMnOoaQwZ2frtUrsu0gwg_VZ8JMg@mail.gmail.com обсуждение исходный текст
Ответ на	BUG #15708: RLS 'using' running as wrong user when called from a view (PG Bug reporting form <noreply@postgresql.org>)
Ответы	Re: BUG #15708: RLS 'using' running as wrong user when called from aview Re: BUG #15708: RLS 'using' running as wrong user when called from aview
Список	pgsql-bugs

Дерево обсуждения

On Thu, 21 Mar 2019 at 00:39, PG Bug reporting form
<noreply@postgresql.org> wrote:
>
> This fails, seemingly because the RLS on 'bar' is being checked by alice,
> instead of the view owner bob:
>

Yes I agree, that appears to be a bug. The subquery in the RLS policy
should be checked as the view owner -- i.e., we need to propagate the
checkAsUser for the RTE with RLS to any subqueries in its RLS
policies.

It looks like the best place to fix it is in
get_policies_for_relation(), since that's where all the policies to be
applied for a given RTE are pulled together. Patch attached.

Regards,
Dean

В списке pgsql-bugs по дате отправления:

Предыдущее

От: Christoph Berg
Дата: 22 марта 2019 г., 11:36:14
Сообщение: Re: BUG #15710: ADD COLUMN IF NOT EXISTS adds constraint anyways

Следующее

От: PG Bug reporting form
Дата: 25 марта 2019 г., 11:39:57
Сообщение: BUG #15712: latency delay for first query execution in PostgreSQL DB 11

Вход в личный кабинет

Восстановление пароля

Подтверждение аккаунта

Изменение пароля

Re: BUG #15708: RLS 'using' running as wrong user when called from a view

Предыдущее

Следующее