Re: User with BYPASSRLS privilege can't change password

David G. Johnston <david.g.johnston@gmail.com>

From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Stephen Frost <sfrost@snowman.net>, Wolfgang Walther <walther@technowledgy.de>, PostgreSQL mailing lists <pgsql-bugs@lists.postgresql.org>
Date: 2020-11-03T19:13:13Z
Lists: pgsql-bugs
On Tue, Nov 3, 2020 at 12:06 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:

> "David G. Johnston" <david.g.johnston@gmail.com> writes:
> > Is the nuance that in reality a non-superuser cannot specify BypassRLS
> even
> > if the effective value is unchanged unimportant here?
>
> I was wondering about that.  You could definitely make a case for a
> weaker set of rules here.  However, the superuser restriction has been
> like that for 15-ish years without much complaint, so it doesn't seem
> that it bothers people in practice.
>
>
Agreed that the behavior seems fine to keep.  Was more about the
documentation saying "change" instead of "specify".

David J.

Commits

  1. Improve error messages around REPLICATION and BYPASSRLS properties.

  2. Allow users with BYPASSRLS to alter their own passwords.

  3. Row-Level Security Policies (RLS)