projects / users / rhaas / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 22eaf35) | patch
Enforce ALL/SELECT policies in RETURNING for RLS
authorStephen Frost <sfrost@snowman.net>
Tue, 15 Sep 2015 19:49:31 +0000 (15:49 -0400)
committerStephen Frost <sfrost@snowman.net>
Tue, 15 Sep 2015 19:49:31 +0000 (15:49 -0400)
commit4f3b2a8883c47b6710152a8e157f8a02656d0e68
tree42a6608ea32f7d3cb1e69d73234ae2bdf4198d74tree
parent22eaf35c1d247407b7cf1fffb310a26cd9b9ceb1commit | diff
Enforce ALL/SELECT policies in RETURNING for RLS

For the UPDATE/DELETE RETURNING case, filter the records which are not
visible to the user through ALL or SELECT policies from those considered
for the UPDATE or DELETE.  This is similar to how the GRANT system
works, which prevents RETURNING unless the caller has SELECT rights on
the relation.

Per discussion with Robert, Dean, Tom, and Kevin.

Back-patch to 9.5 where RLS was introduced.
src/backend/rewrite/rowsecurity.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
Robert Haas's development tree.