pgsql: Enforce ALL/SELECT policies in RETURNING for RLS

Поиск
Список
Период
Сортировка
От Stephen Frost
Тема pgsql: Enforce ALL/SELECT policies in RETURNING for RLS
Дата
Msg-id E1ZbwEg-0004Cz-Qv@gemulon.postgresql.org
обсуждение исходный текст
Список pgsql-committers
Дерево обсуждения 
Enforce ALL/SELECT policies in RETURNING for RLS

For the UPDATE/DELETE RETURNING case, filter the records which are not
visible to the user through ALL or SELECT policies from those considered
for the UPDATE or DELETE.  This is similar to how the GRANT system
works, which prevents RETURNING unless the caller has SELECT rights on
the relation.

Per discussion with Robert, Dean, Tom, and Kevin.

Back-patch to 9.5 where RLS was introduced.

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/68b5201128c2d0c8a3a0051ff7c2534b037e1eab

Modified Files
--------------
src/backend/rewrite/rowsecurity.c         |   47 +++++++++++++++++++++++++++
src/test/regress/expected/rowsecurity.out |   50 ++++++++++++++++-------------
2 files changed, 74 insertions(+), 23 deletions(-)

В списке pgsql-committers по дате отправления:

Предыдущее
От: Stephen Frost
Дата:
Сообщение: pgsql: RLS refactoring
Следующее
От: Tom Lane
Дата:
Сообщение: Re: pgsql: RLS refactoring