diff --git a/src/backend/utils/misc/rls.c b/src/backend/utils/misc/rls.c index b6c1d75..4e7b4d1 100644 *** a/src/backend/utils/misc/rls.c --- b/src/backend/utils/misc/rls.c *************** check_enable_rls(Oid relid, Oid checkAsU *** 59,67 **** Oid user_id = checkAsUser ? checkAsUser : GetUserId(); /* Nothing to do for built-in relations */ ! if (relid < FirstNormalObjectId) return RLS_NONE; tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid)); if (!HeapTupleIsValid(tuple)) return RLS_NONE; --- 59,68 ---- Oid user_id = checkAsUser ? checkAsUser : GetUserId(); /* Nothing to do for built-in relations */ ! if (relid < (Oid) FirstNormalObjectId) return RLS_NONE; + /* Fetch relation's relrowsecurity and relforcerowsecurity flags */ tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid)); if (!HeapTupleIsValid(tuple)) return RLS_NONE; *************** check_enable_rls(Oid relid, Oid checkAsU *** 88,96 **** return RLS_NONE_ENV; /* ! * Table owners generally bypass RLS, except if row_security=true and the ! * table has been set (by an owner) to FORCE ROW SECURITY, and this is not ! * a referential integrity check. * * Return RLS_NONE_ENV to indicate that this decision depends on the * environment (in this case, the user_id). --- 89,97 ---- return RLS_NONE_ENV; /* ! * Table owners generally bypass RLS, except if the table has been set (by ! * an owner) to FORCE ROW SECURITY, and this is not a referential ! * integrity check. * * Return RLS_NONE_ENV to indicate that this decision depends on the * environment (in this case, the user_id). *************** check_enable_rls(Oid relid, Oid checkAsU *** 98,128 **** if (pg_class_ownercheck(relid, user_id)) { /* ! * If row_security=true and FORCE ROW LEVEL SECURITY has been set on ! * the relation then we return RLS_ENABLED to indicate that RLS should ! * still be applied. If we are in a SECURITY_NOFORCE_RLS context or if ! * row_security=false then we return RLS_NONE_ENV. * ! * The SECURITY_NOFORCE_RLS indicates that we should not apply RLS even ! * if the table has FORCE RLS set- IF the current user is the owner. ! * This is specifically to ensure that referential integrity checks are ! * able to still run correctly. * * This is intentionally only done after we have checked that the user * is the table owner, which should always be the case for referential * integrity checks. */ ! if (row_security && relforcerowsecurity && !InNoForceRLSOperation()) ! return RLS_ENABLED; ! else return RLS_NONE_ENV; } ! /* row_security GUC says to bypass RLS, but user lacks permission */ if (!row_security && !noError) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), ! errmsg("insufficient privilege to bypass row-level security"))); /* RLS should be fully enabled for this relation. */ return RLS_ENABLED; --- 99,130 ---- if (pg_class_ownercheck(relid, user_id)) { /* ! * If FORCE ROW LEVEL SECURITY has been set on the relation then we ! * should return RLS_ENABLED to indicate that RLS should be applied. ! * If not, or if we are in an InNoForceRLSOperation context, we return ! * RLS_NONE_ENV. * ! * InNoForceRLSOperation indicates that we should not apply RLS even ! * if the table has FORCE RLS set - IF the current user is the owner. ! * This is specifically to ensure that referential integrity checks ! * are able to still run correctly. * * This is intentionally only done after we have checked that the user * is the table owner, which should always be the case for referential * integrity checks. */ ! if (!relforcerowsecurity || InNoForceRLSOperation()) return RLS_NONE_ENV; } ! /* ! * We should apply RLS. However, the user may turn off the row_security ! * GUC to get a forced error instead. ! */ if (!row_security && !noError) ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), ! errmsg("insufficient privilege to bypass row-level security"))); /* RLS should be fully enabled for this relation. */ return RLS_ENABLED;