granicus.if.org Git - postgresql/commit

]> granicus.if.org Git - postgresql/commit

author	Stephen Frost <sfrost@snowman.net>
	Tue, 15 Sep 2015 19:49:40 +0000 (15:49 -0400)
committer	Stephen Frost <sfrost@snowman.net>
	Tue, 15 Sep 2015 19:49:40 +0000 (15:49 -0400)
commit	68b5201128c2d0c8a3a0051ff7c2534b037e1eab
tree	65c1136b6a74c96dcebe7ab99578af8caf08c770	tree \| snapshot
parent	23a4b897f731e1a2be7fe989a34016d7a6287148	commit \| diff

Enforce ALL/SELECT policies in RETURNING for RLS

For the UPDATE/DELETE RETURNING case, filter the records which are not
visible to the user through ALL or SELECT policies from those considered
for the UPDATE or DELETE. This is similar to how the GRANT system
works, which prevents RETURNING unless the caller has SELECT rights on
the relation.

Per discussion with Robert, Dean, Tom, and Kevin.

Back-patch to 9.5 where RLS was introduced.

src/backend/rewrite/rowsecurity.c		diff \| blob \| history
src/test/regress/expected/rowsecurity.out		diff \| blob \| history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom