Re: 9.5rc1 RLS select policy on insert?

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Ted Toth <txtoth(at)gmail(dot)com>
Cc: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: 9.5rc1 RLS select policy on insert?
Date: 2016-01-07 14:39:56
Message-ID: 20160107143956.GX3685@tamriel.snowman.net
Lists: pgsql-general

Ted,

Please don't top-post on these lists.

> On Wed, Jan 6, 2016 at 9:40 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > * Ted Toth (txtoth(at)gmail(dot)com) wrote:
> >> I see the insert policy check running but also the select policy using
> >> on insert. I don't understand why the select policy is being run.
> >> Could it possibly be related to using a sequence on the table?
> >
> > It's used when SELECT rights are required on the table, such as with an
> > INSERT .. RETURNING.

* Ted Toth (txtoth(at)gmail(dot)com) wrote:
> This happens on simple INSERTs no RETURNING.

You'll have to provide more information on what you're seeing.

I've just stepped through get_row_security_quals() for a simple INSERT
to a table and reviewed what ends up in securityQuals (it's NULL) and
withCheckOptions (it's the single boolean expression corresponding to
the INSERT policy defined on the table). The SELECT policy, which is
also defined on the table, is nowhere to be found in the results of
that call.

I was testing with:

=*> \d t1
      Table "public.t1"
 Column |  Type   | Modifiers
--------+---------+-----------
 c1     | integer |
Policies:
    POLICY "p1" FOR INSERT
      WITH CHECK ((c1 > 5))
    POLICY "p2" FOR SELECT
      USING ((c1 < 5))

=*> insert into t1 values (6);

Thanks!

Stephen
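
The two cases discussed in this message, as an added example that is not part of the original email: a psql script that rebuilds the t1 table and policies shown above and runs the INSERT with and without RETURNING. The role name rls_demo is hypothetical, and the script assumes a scratch database and a superuser session on 9.5 or later.

```sql
-- Added example, not from the original email.
-- Assumptions: scratch database, superuser session, hypothetical role rls_demo.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

CREATE TABLE t1 (c1 integer);
ALTER TABLE t1 ENABLE ROW LEVEL SECURITY;

-- Same policies as in the \d output above.
CREATE POLICY p1 ON t1 FOR INSERT WITH CHECK (c1 > 5);
CREATE POLICY p2 ON t1 FOR SELECT USING (c1 < 5);

-- Table owners and superusers bypass RLS by default, so the test
-- statements must run as an ordinary role with plain table privileges.
CREATE ROLE rls_demo NOLOGIN;
GRANT SELECT, INSERT ON t1 TO rls_demo;
SET LOCAL ROLE rls_demo;

-- Case 1: simple INSERT. Only the INSERT policy's WITH CHECK applies;
-- 6 > 5, so the row is accepted.
INSERT INTO t1 VALUES (6);

-- Case 2: INSERT .. RETURNING needs SELECT rights on t1, so the SELECT
-- policy is applied to the new row as well. 6 < 5 is false, so this
-- statement is expected to fail with a row-level security violation.
SAVEPOINT before_returning;
INSERT INTO t1 VALUES (6) RETURNING c1;
ROLLBACK TO SAVEPOINT before_returning;

-- The row from case 1 exists but is filtered by p2 (c1 < 5) on read,
-- so rls_demo sees a count of 0.
SELECT count(*) FROM t1;

-- Discards the table, the policies and the role.
ROLLBACK;
```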
