On 12/17/2016 01:01 PM, Simon Charette wrote: > Thanks a lot Joe, that seems to work!
Good to hear. > I suppose this works because PostgreSQL cannot introspect the > get_owner_id procedure to detect it's querying the "accounts" table > and thus doesn't warn about possible infinite recursion? Not exactly. RLS does not get applied to the superuser, and the get_owner_id procedure was 1) SECURITY DEFINER, and 2) created/owned by postgres. Thus the procedure executes without invoking the RLS policy and avoids the infinite recursion. Joe -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development
signature.asc
Description: OpenPGP digital signature
