pgsql: ALTER TABLE .. FORCE ROW LEVEL SECURITY
| От | Stephen Frost |
|---|---|
| Тема | pgsql: ALTER TABLE .. FORCE ROW LEVEL SECURITY |
| Дата | |
| Msg-id | E1ZiuE0-0001YF-DV@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
ALTER TABLE .. FORCE ROW LEVEL SECURITY To allow users to force RLS to always be applied, even for table owners, add ALTER TABLE .. FORCE ROW LEVEL SECURITY. row_security=off overrides FORCE ROW LEVEL SECURITY, to ensure pg_dump output is complete (by default). Also add SECURITY_NOFORCE_RLS context to avoid data corruption when ALTER TABLE .. FORCE ROW SECURITY is being used. The SECURITY_NOFORCE_RLS security context is used only during referential integrity checks and is only considered in check_enable_rls() after we have already checked that the current user is the owner of the relation (which should always be the case during referential integrity checks). Back-patch to 9.5 where RLS was added. Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/088c83363a11200f2225f279d4a5c6cc6f9db3d2 Modified Files -------------- doc/src/sgml/catalogs.sgml | 10 ++ doc/src/sgml/ref/alter_table.sgml | 17 +++ src/backend/catalog/heap.c | 1 + src/backend/commands/tablecmds.c | 40 +++++ src/backend/parser/gram.y | 14 ++ src/backend/utils/adt/ri_triggers.c | 6 +- src/backend/utils/init/miscinit.c | 18 ++- src/backend/utils/misc/rls.c | 44 +++++- src/bin/pg_dump/pg_dump.c | 20 ++- src/bin/pg_dump/pg_dump.h | 1 + src/bin/psql/describe.c | 44 +++--- src/include/catalog/catversion.h | 2 +- src/include/catalog/pg_class.h | 72 ++++----- src/include/miscadmin.h | 2 + src/include/nodes/parsenodes.h | 2 + .../modules/test_ddl_deparse/test_ddl_deparse.c | 6 + src/test/regress/expected/rowsecurity.out | 156 ++++++++++++++++++++ src/test/regress/output/misc.source | 3 +- src/test/regress/sql/rowsecurity.sql | 143 ++++++++++++++++++ 19 files changed, 537 insertions(+), 64 deletions(-)
В списке pgsql-committers по дате отправления: