Re: [v9.3] Row-Level Security
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Alvaro Herrera <alvherre@2ndquadrant.com>, Kohei KaiGai <kaigai@kaigai.gr.jp>, Dean Rasheed <dean.a.rasheed@gmail.com>, Florian Pflug <fgp@phlo.org>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2012-10-22T16:17:33Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes: > The documentation lists several documented limitations that I would > like to analyze a little bit. First, it says that row-level security > policies are not applied on UPDATE or DELETE. That sounds downright > dangerous to me. Is there some really compelling reason we're not > doing it? [ blink... ] Isn't that a security hole big enough for a Mack truck? UPDATE tab SET foo = foo RETURNING *; sucks out all the data just fine, if RLS doesn't apply to it. Having said that, I fear that sensible row-level security for updates is at least one order of magnitude harder than sensible row-level security for selects. We've speculated about how to define that in the past, IIRC, but without any very satisfactory outcome. regards, tom lane