pgsql: RLS: Keep deny policy when only restrictive exist
| От | Stephen Frost |
|---|---|
| Тема | pgsql: RLS: Keep deny policy when only restrictive exist |
| Дата | |
| Msg-id | E1ZMLU5-0005Su-Pt@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
RLS: Keep deny policy when only restrictive exist Only remove the default deny policy when a permissive policy exists (either from the hook or defined by the user). If only restrictive policies exist then no rows will be visible, as restrictive policies shouldn't make rows visible. To address this requirement, a single "USING (true)" permissive policy can be created. Update the test_rls_hooks regression tests to create the necessary "USING (true)" permissive policy. Back-patch to 9.5 where RLS was added. Per discussion with Dean. Branch ------ REL9_5_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/8f439658524d4a3566682ff9e25d4791c5498e53 Modified Files -------------- src/backend/rewrite/rowsecurity.c | 14 ++++++++++---- .../modules/test_rls_hooks/expected/test_rls_hooks.out | 7 +++++++ src/test/modules/test_rls_hooks/sql/test_rls_hooks.sql | 8 ++++++++ src/test/modules/test_rls_hooks/test_rls_hooks.c | 5 +++++ 4 files changed, 30 insertions(+), 4 deletions(-)
В списке pgsql-committers по дате отправления: