Re: [PATCH] Add reloption for views to enable RLS

Wolfgang Walther <walther@technowledgy.de>

From: walther@technowledgy.de
To: Laurenz Albe <laurenz.albe@cybertec.at>, pgsql-hackers@postgresql.org
Date: 2022-02-15T08:24:28Z
Lists: pgsql-hackers
Laurenz Albe:
> So even though the view owner "duff" has no permissions
> on the schema "viewtest", we can still select from the table.
> Permissions on the schema containing the table are not
> checked, only permissions on the table itself.
> 
> I am not sure how to feel about this.  It is not what I would have
> expected, but changing it would be a compatibility break.
> Should this be considered a live bug in PostgreSQL?

I now found the docs to say:


USAGE:
For schemas, allows access to objects contained in the schema (assuming 
that the objects' own privilege requirements are also met). Essentially 
this allows the grantee to “look up” objects within the schema. Without 
this permission, it is still possible to see the object names, e.g., by 
querying system catalogs. Also, after revoking this permission, existing 
sessions might have statements that have previously performed this 
lookup, so this is not a completely secure way to prevent object access.


So, this seems to be perfectly fine.

Best

Wolfgang



Commits

  1. Add support for security invoker views.

  2. Replace use of deprecated Python module distutils.sysconfig