| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Joe Conway <mail(at)joeconway(dot)com>, justin(dot)catterson(at)sofiebio(dot)com, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Date: | 2015-10-21 18:26:19 |
| Message-ID: | 20151021182619.GX3685@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Joe Conway <mail(at)joeconway(dot)com> writes:
> > On 10/21/2015 09:42 AM, justin(dot)catterson(at)sofiebio(dot)com wrote:
> >> Users with the CREATEUSER permission do not evaluate Row Level Security
> >> functions. pg_user usebypassrls is set to false.
>
> > Not a bug. See
> > http://www.postgresql.org/docs/9.5/static/sql-createrole.html
>
> > "CREATEUSER
> > NOCREATEUSER
>
> > These clauses are an obsolete, but still accepted, spelling of
> > SUPERUSER and NOSUPERUSER. Note that they are not equivalent to
> > CREATEROLE as one might naively expect!"
>
> I wonder if it's time yet to remove those keywords. We've had the
> SUPERUSER spelling since 8.1, and this report should remind us that
> people get confused by the old spellings.
Probably past time, considering the obvious confusion to CREATEROLE and
NOCREATEROLE.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-10-21 18:26:39 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Previous Message | Tom Lane | 2015-10-21 18:17:44 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2015-10-21 18:26:39 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Previous Message | Jim Nasby | 2015-10-21 18:24:45 | Re: Freeze avoidance of very large table. |