PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID15708
PG Version11.2
OSlinux
Opened2019-03-20 23:53:56+00
Reported byDaurnimator
StatusNew

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      15708
Logged by:          Daurnimator
Email address:      (redacted)
PostgreSQL version: 11.2
Operating system:   linux
Description:        

(from https://gist.github.com/daurnimator/b1d2c16359e346a466b3093ae2757acf
)

This fails, seemingly because the RLS on 'bar' is being checked by alice,
instead of the view owner bob:
```sql
create role alice;

create table bar(a integer);
alter table bar enable row level security;
create table qux(b integer);

create role bob;
create policy blahblah on bar to bob
	using(exists(select 1 from qux));
grant select on table bar to bob;
grant select on table qux to bob;

create view foo as select * from bar;
alter view foo owner to bob;
grant select on table foo to alice;
-- grant select on table qux to alice; -- shouldn't be required

set role alice;
select * from foo;
```

```
$ psql -f rls_trouble.sql 
CREATE ROLE
CREATE TABLE
ALTER TABLE
CREATE TABLE
CREATE ROLE
CREATE POLICY
GRANT
GRANT
CREATE VIEW
ALTER VIEW
GRANT
SET
psql:rls_trouble.sql:18: ERROR: permission denied for table qux
```

If we add an indirection via another view, then I get the result I
expected...
```sql
create role alice;

create table bar(a integer);
alter table bar enable row level security;
create table qux(b integer);

-- if we add a layer of indirection it works.... wat?
create view indirection as select * from bar;

create role bob;
create policy blahblah on bar to bob
	using(exists(select 1 from qux));
grant select on table bar to bob;
grant select on table indirection to bob;
grant select on table qux to bob;

create view foo as select * from indirection;
alter view foo owner to bob;
grant select on table foo to alice;

set role alice;
select * from foo;
```

Messages

DateAuthorSubject
2019-03-20 23:53:56+00PG Bug reporting formBUG #15708: RLS 'using' running as wrong user when called from a view
2019-03-24 11:19:52+00Dean RasheedRe: BUG #15708: RLS 'using' running as wrong user when called from a view
2019-03-25 20:27:23+00Stephen FrostRe: BUG #15708: RLS 'using' running as wrong user when called from a view
2019-03-27 12:46:29+00Dean RasheedRe: BUG #15708: RLS 'using' running as wrong user when called from a view
2019-04-29 03:56:02+00DaurnimatorRe: BUG #15708: RLS 'using' running as wrong user when called from a view
2019-04-29 07:49:32+00Dean RasheedRe: BUG #15708: RLS 'using' running as wrong user when called from a view