| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
| Cc: | Adam Guthrie <asguthrie(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: "plan should not reference subplan's variable" when using row level security |
| Date: | 2016-02-24 20:29:55 |
| Message-ID: | 20160224202954.GJ3127@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Adrian,
* Adrian Klaver (adrian(dot)klaver(at)aklaver(dot)com) wrote:
> I started to work through this when I realized the
> permissions/attributes of the role test are not shown. This seems to
> be important as the UPDATE example works if you run it immediately
> after:
>
> INSERT INTO b (id, a_id, text) VALUES (1, 1, 'one');
Not sure what you mean- the necessary permissions for the test role are
just the 'GRANT ALL ON ALL TABLES' which is included.
If you run the UPDATE immediately after the INSERT, then it's before
that GRANT and, more importantly, before the 'SET ROLE', meaning that
you're running it as the table owner, and the policy is ignored
(policies are not applied to the owner of the table, unless FORCE RLS is
used).
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Guthrie | 2016-02-24 20:35:04 | Re: "plan should not reference subplan's variable" when using row level security |
| Previous Message | Stephen Frost | 2016-02-24 20:27:51 | Re: "plan should not reference subplan's variable" when using row level security |