David, Bruce,

* David G. Johnston (david.g.johns...@gmail.com) wrote:
> The CREATE VIEW documentation links to
> 
> https://www.postgresql.org/docs/9.6/static/rules-privileges.html
> 
> which covers this dynamic in considerable detail (and there is a blurb on
> the CREATE VIEW page as well), and specifically:
> 
> "Relations that are used due to rules get checked against the privileges of
> the rule owner, not the user invoking the rule."
> 
> It does feel like an additional blurb about views and a link to the above
> page would be warranted on the ddl-rowsecurity.html page.

I tend to agree, almost always, that additional documentation is a
benefit.  The only drawback to it is that, sometimes, we end up saying
the same thing too much and that leads to readers skipping past
important sections.

I do think we need to provide more documentation around how views and
our privilege system work as I find that the question comes up somewhat
regularly.  Note that this isn't RLS specific, but applies to both the
GRANT system and RLS: views are executed as the user of the view and not
with the privileges of the view user.

I can certainly try to help with crafting additional documentation
around this once I'm back from PostgresOpen in San Francisco next week.

Thanks!

Stephen

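The rule quoted above from rules-privileges.html, shown for both the GRANT system and row-level security, as an added example that is not part of the original thread. All role, schema, table and view names are hypothetical, and it assumes a superuser session in a scratch database on PostgreSQL 9.5 or later.

```sql
-- Added illustration; every role, schema, table and view name is hypothetical.
-- Assumes a superuser session in a scratch database, PostgreSQL 9.5 or later.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE alice NOLOGIN;
CREATE SCHEMA demo AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA demo TO alice;

SET ROLE app_owner;
CREATE TABLE demo.accounts (id int PRIMARY KEY, owner_name text, balance numeric);
INSERT INTO demo.accounts VALUES (1, 'alice', 100), (2, 'bob', 250);  -- constructed rows
ALTER TABLE demo.accounts ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_rows ON demo.accounts USING (owner_name = current_user);

-- Plain view owned by app_owner, who also owns the table.
CREATE VIEW demo.all_accounts AS SELECT * FROM demo.accounts;
GRANT SELECT ON demo.all_accounts TO alice;   -- no grant on demo.accounts itself
RESET ROLE;

-- GRANT system: alice holds no privilege on the table, but the view's access
-- to demo.accounts is checked against app_owner, so the SELECT is permitted.
SELECT has_table_privilege('alice', 'demo.accounts', 'SELECT') AS alice_can_read_table;
SET ROLE alice;
SELECT * FROM demo.all_accounts;
RESET ROLE;

-- RLS: with a direct grant, own_rows is applied to alice's query on the table.
-- Through the view the table is read as app_owner, and a table owner is not
-- subject to its own policies unless FORCE ROW LEVEL SECURITY is set.
GRANT SELECT ON demo.accounts TO alice;
SET ROLE alice;
SELECT count(*) AS direct_rows FROM demo.accounts;
SELECT count(*) AS view_rows   FROM demo.all_accounts;
RESET ROLE;

-- Corrected form: put the row filter in the view and mark it security_barrier,
-- then expose only that view.
REVOKE SELECT ON demo.all_accounts, demo.accounts FROM alice;
SET ROLE app_owner;
CREATE VIEW demo.my_accounts WITH (security_barrier) AS
    SELECT * FROM demo.accounts WHERE owner_name = current_user;
GRANT SELECT ON demo.my_accounts TO alice;
RESET ROLE;
SET ROLE alice;
SELECT * FROM demo.my_accounts;
RESET ROLE;
```

Comparing `direct_rows` with `view_rows` on a staging copy of a real schema is a quick audit for views that widen access past the table's policies.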