From: | adudnik(at)gmail(dot)com |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | BUG #14060: row security policy does not work for updatable views |
Date: | 2016-04-02 20:01:06 |
Message-ID: | 20160402200106.2623.11425@wrigleys.postgresql.org |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 14060
Logged by: Artur Dudnik
Email address: adudnik(at)gmail(dot)com
PostgreSQL version: 9.5.1
Operating system: Windows
Description:
-- row security policy does not work for updatable views.
-- usage scenario:
-- 1. make a table
-- 2. enable row security for a role
-- 3. create view for restricted table
-- 4. grant to restricted role select and update for view and table
-- expected behavior - view and table could select/update same records
-- bug behavior - view return/update all rows (policy ignored) and
-- security_barrier too
set role postgres;
CREATE TABLE t AS SELECT n, 'secret'||n AS secret FROM generate_series(1,20) n;
create role test;
grant select, update on t to test;
ALTER TABLE t ENABLE ROW LEVEL SECURITY;
CREATE POLICY t_all ON t TO test USING (n % 2 = 1);
CREATE VIEW t_odd WITH (security_barrier) AS SELECT * FROM t ;
CREATE VIEW t2_odd AS SELECT * FROM t ;
CREATE VIEW t3_odd WITH (security_barrier) AS SELECT * FROM t where n % 2 = 1;
grant select, update on t_odd to test;
grant select, update on t2_odd to test;
grant select, update on t3_odd to test;
set role test;
update t3_odd set secret = '!!!' where n in (2, 1);
select * from t3_odd;
update t_odd set secret = '!!!' where n in (4, 3);
select * from t_odd;
update t2_odd set secret = '!!!' where n in (6, 5);
select * from t2_odd;
set role postgres;
select * from t;
drop view t_odd cascade;
drop view t2_odd cascade;
drop table t cascade;
drop role test;