Enforce ALL/SELECT policies in RETURNING for RLS For the UPDATE/DELETE RETURNING case, filter the records which are not visible to the user through ALL or SELECT policies from those considered for the UPDATE or DELETE. This is similar to how the GRANT system works, which prevents RETURNING unless the caller has SELECT rights on the relation.
Per discussion with Robert, Dean, Tom, and Kevin. Back-patch to 9.5 where RLS was introduced. Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/4f3b2a8883c47b6710152a8e157f8a02656d0e68 Modified Files -------------- src/backend/rewrite/rowsecurity.c | 47 +++++++++++++++++++++++++++ src/test/regress/expected/rowsecurity.out | 50 ++++++++++++++++------------- 2 files changed, 74 insertions(+), 23 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
