Re: CREATE POLICY bug ?
| От | Dean Rasheed |
|---|---|
| Тема | Re: CREATE POLICY bug ? |
| Дата | |
| Msg-id | CAEZATCWqKjzFZAkXOafAn+Mo5y3xZe_pCxzgUDrjwH=biZFD=A@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: CREATE POLICY bug ? (Dean Rasheed <dean.a.rasheed@gmail.com>) |
| Список | pgsql-hackers |
[Please reply to the list, not just to me, so that others can benefit from and contribute to the discussion] On 31 August 2016 at 11:52, Andrea Adami <fol@fulcro.net> wrote: > Thnaks Dean, i did further investigations: > i set the owner of the view to: "manager@scuola247.it" with: > ALTER TABLE public.policy_view OWNER TO "manager@scuola247.it"; > and i thinking to see from the select: > select * from policy_view > the rows: 1,2,3 > then > set role 'manager@scuola247.it'; > select * from policy_view; > return rows 1,2,3 as expected but: > set role 'teacher@scuola247.it'; > select * from policy_view; > returns rows 4,5 and > set role 'postgres' > select * from policy_view > return nothing ... > what you thinking about ? > > Andrea That's correct. With the table owned by postgres and the view owned by "manager@scuola247.it", access to the table via the view is subject to the policies that apply to "manager@scuola247.it". So regardless of who the current user is, when selecting from the view, the policy "standard" will be applied, and that will limit the visible rows to those for which usr = current_user. Regards, Dean
В списке pgsql-hackers по дате отправления: