Make BYPASSRLS behave like superuser RLS bypass.
Noah Misch <noah@leadboat.com>
Make BYPASSRLS behave like superuser RLS bypass. Specifically, make its effect independent from the row_security GUC, and make it affect permission checks pertinent to views the BYPASSRLS role owns. The row_security GUC thereby ceases to change successful-query behavior; it can only make a query fail with an error. Back-patch to 9.5, where BYPASSRLS was introduced.
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/catalogs.sgml | modified | +3 −3 |
| doc/src/sgml/config.sgml | modified | +9 −16 |
| doc/src/sgml/ddl.sgml | modified | +6 −13 |
| doc/src/sgml/ref/create_role.sgml | modified | +3 −6 |
| src/backend/utils/misc/rls.c | modified | +12 −27 |
| src/include/catalog/pg_authid.h | modified | +1 −1 |
| src/test/regress/expected/rowsecurity.out | modified | +8 −6 |
| src/test/regress/sql/rowsecurity.sql | modified | +2 −4 |