| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | justin(dot)catterson(at)sofiebio(dot)com, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Date: | 2015-10-21 18:05:13 |
| Message-ID: | 5627D3D9.8080409@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
On 10/21/2015 09:42 AM, justin(dot)catterson(at)sofiebio(dot)com wrote:
> The following bug has been logged on the website:
>
> Bug reference: 13694
> Logged by: Justin Catterson
> Email address: justin(dot)catterson(at)sofiebio(dot)com
> PostgreSQL version: 9.5beta1
> Operating system: Ubuntu 14.10 x64
> Description:
>
> Users with the CREATEUSER permission do not evaluate Row Level Security
> functions. pg_user usebypassrls is set to false.
Not a bug. See
http://www.postgresql.org/docs/9.5/static/sql-createrole.html
"CREATEUSER
NOCREATEUSER
These clauses are an obsolete, but still accepted, spelling of
SUPERUSER and NOSUPERUSER. Note that they are not equivalent to
CREATEROLE as one might naively expect!"
And:
http://www.postgresql.org/docs/9.5/static/ddl-rowsecurity.html
"Table owners, superusers, and roles with the BYPASSRLS attribute bypass
the row security system when querying a table."
HTH,
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-10-21 18:17:44 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Previous Message | justin.catterson | 2015-10-21 16:42:33 | BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-10-21 18:17:44 | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Previous Message | Jim Nasby | 2015-10-21 17:33:55 | Change behavior of (m)xid_age |