Re: ON CONFLICT issues around whole row vars,

On 2015-09-29 11:52:14 -0700, Peter Geoghegan wrote:
> On Tue, Sep 29, 2015 at 8:24 AM, Andres Freund <andres(at)anarazel(dot)de> wrote:
> > So, took a bit longer than "tomorrow. I fought for a long while with a
> > mysterious issue, which turned out to be separate bug: The excluded
> > relation was affected by row level security policies, which doesn't make
> > sense.
>
> Why? You certainly thought that it made sense for conventional column
> permissions due to potential problems with before row insert triggers.

I don't see how those compare:

> I specifically remember discussing this with you off list (on IM,
> roughly a couple of weeks prior to initial commit). I recommended that
> we err towards a more restrictive behavior in the absence of any
> strong principle pushing us one way or the other. You seemed to agree.

I don't think this really is comparable. Comparing this with a plain
INSERT or UPDATE this would be akin to running RLS on the RETURNING
tuple - which we currently don't.

I think this is was just a bug.

> I suppose that we have a tight enough grip on the targetlist that it's
> hard to imagine anything else being introduced there spuriously. I had
> thought that the pull-up did allow useful additional
> defense/sanitization, but that may not be an excellent argument. The
> only remaining argument is that my approach is closer to RETURNING,
> but that doesn't seem like an excellent argument.

I indeed don't think this is comparable to RETURNING - the pullup there
is into an actual querytree above unrelated relations.

Greetings,

Andres Freund