Ahh makes sense, thanks for the explanation! I was assuming USING() clauses were executed in the context of the owner of the policy, by passing RLS. 2016-12-17 13:18 GMT-05:00 Joe Conway <mail@xxxxxxxxxxxxx>: > On 12/17/2016 01:01 PM, Simon Charette wrote: >> Thanks a lot Joe, that seems to work! > > Good to hear. > >> I suppose this works because PostgreSQL cannot introspect the >> get_owner_id procedure to detect it's querying the "accounts" table >> and thus doesn't warn about possible infinite recursion? > > Not exactly. RLS does not get applied to the superuser, and the > get_owner_id procedure was 1) SECURITY DEFINER, and 2) created/owned by > postgres. Thus the procedure executes without invoking the RLS policy > and avoids the infinite recursion. > > Joe > > -- > Crunchy Data - http://crunchydata.com > PostgreSQL Support for Secure Enterprises > Consulting, Training, & Open Source Development > -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
