BUG #15708: RLS 'using' running as wrong user when called from a view
The Post Office <noreply@postgresql.org>
From: PG Bug reporting form <noreply@postgresql.org>
To: pgsql-bugs@lists.postgresql.org
Cc: quae@daurnimator.com
Date: 2019-03-20T23:53:56Z
Lists: pgsql-bugs, pgsql-hackers
The following bug has been logged on the website: Bug reference: 15708 Logged by: Daurnimator Email address: quae@daurnimator.com PostgreSQL version: 11.2 Operating system: linux Description: (from https://gist.github.com/daurnimator/b1d2c16359e346a466b3093ae2757acf ) This fails, seemingly because the RLS on 'bar' is being checked by alice, instead of the view owner bob: ```sql create role alice; create table bar(a integer); alter table bar enable row level security; create table qux(b integer); create role bob; create policy blahblah on bar to bob using(exists(select 1 from qux)); grant select on table bar to bob; grant select on table qux to bob; create view foo as select * from bar; alter view foo owner to bob; grant select on table foo to alice; -- grant select on table qux to alice; -- shouldn't be required set role alice; select * from foo; ``` ``` $ psql -f rls_trouble.sql CREATE ROLE CREATE TABLE ALTER TABLE CREATE TABLE CREATE ROLE CREATE POLICY GRANT GRANT CREATE VIEW ALTER VIEW GRANT SET psql:rls_trouble.sql:18: ERROR: permission denied for table qux ``` If we add an indirection via another view, then I get the result I expected... ```sql create role alice; create table bar(a integer); alter table bar enable row level security; create table qux(b integer); -- if we add a layer of indirection it works.... wat? create view indirection as select * from bar; create role bob; create policy blahblah on bar to bob using(exists(select 1 from qux)); grant select on table bar to bob; grant select on table indirection to bob; grant select on table qux to bob; create view foo as select * from indirection; alter view foo owner to bob; grant select on table foo to alice; set role alice; select * from foo; ```
Commits
-
Perform RLS subquery checks as the right user when going via a view.
- 2e606d0ad798 9.5.17 landed
- 1b9a2f458b36 9.6.13 landed
- db4bc99948bf 10.8 landed
- 157dcf534f8e 11.3 landed
- e2d28c0f4047 12.0 landed