Make BYPASSRLS behave like superuser RLS bypass. Specifically, make its effect independent from the row_security GUC, and make it affect permission checks pertinent to views the BYPASSRLS role owns. The row_security GUC thereby ceases to change successful-query behavior; it can only make a query fail with an error. Back-patch to 9.5, where BYPASSRLS was introduced.
Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/3cb0a7e75aaa9a7826c769068970ce2200e61023 Modified Files -------------- doc/src/sgml/catalogs.sgml | 6 ++--- doc/src/sgml/config.sgml | 25 +++++++----------- doc/src/sgml/ddl.sgml | 19 +++++--------- doc/src/sgml/ref/create_role.sgml | 9 +++---- src/backend/utils/misc/rls.c | 39 +++++++++-------------------- src/include/catalog/pg_authid.h | 2 +- src/test/regress/expected/rowsecurity.out | 14 ++++++----- src/test/regress/sql/rowsecurity.sql | 6 ++--- 8 files changed, 44 insertions(+), 76 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
