On Thu, 21 Mar 2019 at 00:39, PG Bug reporting form <nore...@postgresql.org> wrote: > > This fails, seemingly because the RLS on 'bar' is being checked by alice, > instead of the view owner bob: >
Yes I agree, that appears to be a bug. The subquery in the RLS policy should be checked as the view owner -- i.e., we need to propagate the checkAsUser for the RTE with RLS to any subqueries in its RLS policies. It looks like the best place to fix it is in get_policies_for_relation(), since that's where all the policies to be applied for a given RTE are pulled together. Patch attached. Regards, Dean
rls-perm-check-fix.patch
Description: Binary data