Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission
| От | Justin Catterson |
|---|---|
| Тема | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission |
| Дата | |
| Msg-id | CAKOLKV_rWBVaxscWtD2K3QQuqQ2k5Pt0xz0y2Lr_0tTVjFvs9w@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: BUG #13694: Row Level Security by-passed with CREATEUSER permission (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-bugs |
Thanks for the quick response, I had read the documentation but got a little confused with the phrasing. The option I wanted was CREATEROLE. "These clauses are an obsolete, but still accepted, spelling of SUPERUSER and NOSUPERUSER." I saw obsolete prior to reaching out, but I still did not understand these clauses had been replaced with SUPERUSER and NOSUPERUSER. Perhaps those options should be removed from the Synopsis to avoid tempting users. Overall good work, I am looking forward to this release. On Wed, Oct 21, 2015 at 11:17 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Joe Conway <mail@joeconway.com> writes: > > On 10/21/2015 09:42 AM, justin.catterson@sofiebio.com wrote: > >> Users with the CREATEUSER permission do not evaluate Row Level Security > >> functions. pg_user usebypassrls is set to false. > > > Not a bug. See > > http://www.postgresql.org/docs/9.5/static/sql-createrole.html > > > "CREATEUSER > > NOCREATEUSER > > > These clauses are an obsolete, but still accepted, spelling of > > SUPERUSER and NOSUPERUSER. Note that they are not equivalent to > > CREATEROLE as one might naively expect!" > > I wonder if it's time yet to remove those keywords. We've had the > SUPERUSER spelling since 8.1, and this report should remind us that > people get confused by the old spellings. > > regards, tom lane >
В списке pgsql-bugs по дате отправления: