On 12/17/2016 02:04 PM, Stephen Frost wrote:
> Note that RLS won't be applied for the table owner either (unless the
> relation has 'FORCE RLS' enabled for it), so you don't have to have
> functions which are run as superuser to use the approach Joe
> recommended.
Good point, thanks, I should have
Simon,
* Simon Charette (charett...@gmail.com) wrote:
> Ahh makes sense, thanks for the explanation!
>
> I was assuming USING() clauses were executed in the context of the
> owner of the policy, by passing RLS.
No, as with views, a USING() clause is executed as the caller not the
owner of the re
Ahh makes sense, thanks for the explanation!
I was assuming USING() clauses were executed in the context of the
owner of the policy, by passing RLS.
2016-12-17 13:18 GMT-05:00 Joe Conway :
> On 12/17/2016 01:01 PM, Simon Charette wrote:
>> Thanks a lot Joe, that seems to work!
>
> Good to hear.
>
On 12/17/2016 01:01 PM, Simon Charette wrote:
> Thanks a lot Joe, that seems to work!
Good to hear.
> I suppose this works because PostgreSQL cannot introspect the
> get_owner_id procedure to detect it's querying the "accounts" table
> and thus doesn't warn about possible infinite recursion?
Not
Thanks a lot Joe, that seems to work!
I suppose this works because PostgreSQL cannot introspect the
get_owner_id procedure to detect it's querying the "accounts" table
and thus doesn't warn about possible infinite recursion?
Simon
2016-12-16 9:36 GMT-05:00 Joe Conway :
> On 12/16/2016 01:02 AM,
On 12/16/2016 01:02 AM, Simon Charette wrote:
> Unfortunately this will only return accounts matching the current_user's name.
>
> I would expect "SET ROLE foo; SELECT name FROM accounts" to return "foo" and
> "bar" and not only "foo" like your proposed solution would do.
Perhaps:
8<
tag, 16. Dezember 2016 07:02
> > To: Charles Clavadetscher
> > Cc: pgsql-general@postgresql.org
> > Subject: Re: [GENERAL] Recursive row level security policy
> >
> > Hello Charles,
> >
> > Unfortunately this will only return accounts matching the current_user&
Subject: Re: [GENERAL] Recursive row level security policy
>
> Hello Charles,
>
> Unfortunately this will only return accounts matching the current_user's name.
>
> I would expect "SET ROLE foo; SELECT name FROM accounts" to return "foo" and
> "bar&
16-12-16 0:57 GMT-05:00 Charles Clavadetscher :
> Hello
>
>> -Original Message-
>> From: pgsql-general-ow...@postgresql.org
>> [mailto:pgsql-general-ow...@postgresql.org] On Behalf Of Simon Charette
>> Sent: Freitag, 16. Dezember 2016 06:15
>> To: pgsql
Hello
> -Original Message-
> From: pgsql-general-ow...@postgresql.org
> [mailto:pgsql-general-ow...@postgresql.org] On Behalf Of Simon Charette
> Sent: Freitag, 16. Dezember 2016 06:15
> To: pgsql-general@postgresql.org
> Subject: [GENERAL] Recursive row level security
Hello there,
I'm not sure I'm posting to the appropriate mailing list so don't hesitate to
redirect me to the appropriate one.
I've been trying to setup a policy that allows "accounts" table rows to only be
seen by their owner by using the current_user to compare them by name.
Unfortunately it l
11 matches
Mail list logo
