Perform RLS subquery checks as the right user when going via a view. When accessing a table with RLS via a view, the RLS checks are performed as the view owner. However, the code neglected to propagate that to any subqueries in the RLS checks. Fix that by calling setRuleCheckAsUser() for all RLS policy quals and withCheckOption checks for RTEs with RLS.
Back-patch to 9.5 where RLS was added. Per bug #15708 from daurnimator. Discussion: https://postgr.es/m/15708-d65cab2ce9b17...@postgresql.org Branch ------ REL_11_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/157dcf534f8e12486d425d6c0d111c065fbbb841 Modified Files -------------- src/backend/rewrite/rowsecurity.c | 8 ++++++++ src/test/regress/expected/rowsecurity.out | 27 +++++++++++++++++++++++++++ src/test/regress/sql/rowsecurity.sql | 26 ++++++++++++++++++++++++++ 3 files changed, 61 insertions(+)