Re: row_security GUC does not behave as documented

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: row_security GUC does not behave as documented
Date: 2016-01-04 03:00:50
Message-ID: 26427.1451876450@sss.pgh.pa.us
Lists: pgsql-hackers

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> On Sunday, January 3, 2016, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> The fine manual says that when row_security is set to off, "queries fail
>> which would otherwise apply at least one policy". However, a look at
>> check_enable_rls() says that that is a true statement only when the user
>> is not table owner. If the user *is* table owner, turning off
>> row_security seems to amount to just silently disabling RLS, even for
>> tables with FORCE ROW LEVEL SECURITY.
>>
>> I am not sure if this is a documentation bug or a code bug, but it
>> sure looks to be one or the other.

> The original reason for changing how row_security works was to avoid a
> change in behavior based on a GUC changing. As such, I'm thinking that has
> to be a code bug, as otherwise it would be a behavior change due to a GUC
> being changed in the FORCE RLS case for table owners.

Well, I tried changing the code to act the way I gather it should, and
it breaks a whole bunch of regression test cases. See attached.

regards, tom lane

Attachment                          Content-Type  Size
fix-table-owner-row-security.patch  text/x-diff   4.2 KB
regression.diffs                    text/plain    2.6 KB
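
Added example, not part of the original message or its attachments: a psql session for checking how a given server treats the case discussed above, a table owner reading a FORCE ROW LEVEL SECURITY table while row_security is off. The table and policy names are constructed, and the session is assumed to run as a non-superuser role without BYPASSRLS that can create tables in the current schema.

```sql
-- Constructed test objects: rls_demo and rls_demo_policy are hypothetical names.
-- Everything runs in one transaction and is rolled back at the end.
BEGIN;

CREATE TABLE rls_demo (id int, owner_name text);
INSERT INTO rls_demo VALUES (1, 'alice'), (2, 'bob');

-- A policy that exposes only rows whose owner_name is 'alice'.
CREATE POLICY rls_demo_policy ON rls_demo
    USING (owner_name = 'alice');

ALTER TABLE rls_demo ENABLE ROW LEVEL SECURITY;
-- FORCE asks for the policies to be applied to the table owner as well.
ALTER TABLE rls_demo FORCE ROW LEVEL SECURITY;

-- Baseline: row_security on, policies apply normally, including to the owner.
SET LOCAL row_security = on;
SELECT count(*) AS visible_rows FROM rls_demo;

-- Case under discussion: same owner, same table, row_security off.
-- The savepoint keeps the transaction usable if the SELECT raises an error.
SET LOCAL row_security = off;
SAVEPOINT before_check;
SELECT count(*) AS visible_rows FROM rls_demo;
ROLLBACK TO SAVEPOINT before_check;

-- Drop the test objects and restore the previous row_security setting.
ROLLBACK;
```

Per the manual text quoted in the message, the second SELECT should fail because a policy would otherwise apply; per the message's reading of check_enable_rls(), the owner instead gets the query run with RLS silently disabled. Comparing the two visible_rows results (or seeing an error on the second) shows which behaviour a server has.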
