Re: more RLS oversights

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Noah Misch <noah(at)leadboat(dot)com>
Cc: Joe Conway <joe(dot)conway(at)crunchydata(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: more RLS oversights
Date: 2015-11-23 21:05:00
Message-ID: 20151123210500.GH3685@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Noah,

* Noah Misch (noah(at)leadboat(dot)com) wrote:
> On Tue, Jul 28, 2015 at 04:04:29PM -0700, Joe Conway wrote:
> > Pushed to HEAD and 9.5
>
> I reviewed this commit, f781a0f "Create a pg_shdepend entry for each role in
> TO clause of policies."

Thanks for the review!

> This commit rendered the
> http://www.postgresql.org/docs/devel/static/role-removal.html procedure[1]
> incomplete. Before dropping a role, one must additionally drop each policy
> mentioning the role in pg_policy.polroles:
>
> begin;
> create role alice;
> create table t (c int);
> grant select on table t to alice;
> create policy p0 on t to alice using (true);
> reassign owned by alice to current_user;
> drop owned by alice;
> drop role alice;
> rollback;
>
> shdepDropOwned() ignores SHARED_DEPENDENCY_POLICY entries. Should it instead
> remove the role from polroles, dropping the policy if that would empty
> polroles? (Which should change, the documented role-removal procedure or the
> DROP OWNED treatment of policies?)

I would expect the DROP OWNED treatment of policies to be similar to the
DROP OWNED treatment of GRANTs. I'm certainly of the opinion that this
is a bug which should be addressed. As an FYI, Joe's laptop recently
got stolen and he's working to get back up to speed as quickly as he
can. I've just put his new key into place on gitmaster (along with a
few other pginfra-related bits), but there's obviously a lot more for
him to be completely up and working again.

> Independently,
> http://www.postgresql.org/docs/devel/static/sql-drop-owned.html deserves an
> update since it discusses every other object type having role dependencies.

Agreed.

Thanks!

Stephen

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2015-11-23 21:15:07 Re: Re: In-core regression tests for replication, cascading, archiving, PITR, etc.
Previous Message Tom Lane 2015-11-23 20:14:56 Re: problem with msvc linker - cannot build orafce