* Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost <sfr...@snowman.net> writes: > > I had intended to address with policies what is addressed through > > permissions with 7d8db3e, but the coverage for INSERT+RETURNING was only > > done when ON CONFLICT was in use. > > > I've fixed that by applying the SELECT policies as WCOs for both the > > INSERT and UPDATE RETURNING cases. This matches the permissions system, > > where we require SELECT rights on the table for an INSERT RETURNING > > query. > > What of DELETE RETURNING?
That was handled in 7d8db3e. Per previous discussion, UPDATE and DELETE RETURNING apply SELECT policies as security quals, meaning only the records visible through the SELECT policy are eligible for consideration. INSERT+RETURNING has only WithCheckOptions, no security quals, which is what makes it different from the other cases. The INSERT+ON CONFLICT+RETURNING case had been covered already and I had mistakenly thought it was also covering INSERT+RETURNING. In fixing that, I realized that Peter makes a good point that UPDATE+RETURNING should also have SELECT policies applied as WithCheckOptions. I'm about to push updated regression tests, as suggested by Andres. Thanks! Stephen
signature.asc
Description: Digital signature
