Search Postgresql Archives

Re: Recursive row level security policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Simon,

* Simon Charette (charette.s@xxxxxxxxx) wrote:
> Ahh makes sense, thanks for the explanation!
> 
> I was assuming USING() clauses were executed in the context of the
> owner of the policy, by passing RLS.

No, as with views, a USING() clause is executed as the caller not the
owner of the relation.  Security Definer functions can be used to
execute actions in the policy as another user.

Note that RLS won't be applied for the table owner either (unless the
relation has 'FORCE RLS' enabled for it), so you don't have to have
functions which are run as superuser to use the approach Joe
recommended.

Thanks!

Stephen

Attachment: signature.asc
Description: Digital signature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux