'{100, 100, 1, 100, 100}'),
('textcol', 'text',
'{>, >=, =, <=, <}',
- '{AAAAAA, AAAAAA, BNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAA, ZZAAAA, ZZAAAA}',
+ '{ABABAB, ABABAB, BNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAA, ZZAAAA, ZZAAAA}',
'{100, 100, 1, 100, 100}'),
('oidcol', 'oid',
'{>, >=, =, <=, <}',
RESET SESSION AUTHORIZATION;
SET row_security TO OFF;
SELECT * FROM t1 WHERE f_leak(b);
-NOTICE: f_leak => aaa
+NOTICE: f_leak => aba
NOTICE: f_leak => bbb
NOTICE: f_leak => ccc
NOTICE: f_leak => ddd
NOTICE: f_leak => zzz
a | b
---+-----
- 1 | aaa
+ 1 | aba
2 | bbb
3 | ccc
4 | ddd
SET SESSION AUTHORIZATION rls_regress_exempt_user;
SET row_security TO OFF;
SELECT * FROM t1 WHERE f_leak(b);
-NOTICE: f_leak => aaa
+NOTICE: f_leak => aba
NOTICE: f_leak => bbb
NOTICE: f_leak => ccc
NOTICE: f_leak => ddd
NOTICE: f_leak => zzz
a | b
---+-----
- 1 | aaa
+ 1 | aba
2 | bbb
3 | ccc
4 | ddd
RESET SESSION AUTHORIZATION;
SET row_security TO OFF;
SELECT * FROM t1 WHERE f_leak(b);
-NOTICE: f_leak => aaa
+NOTICE: f_leak => aba
NOTICE: f_leak => bbb
NOTICE: f_leak => ccc
NOTICE: f_leak => ddd
NOTICE: f_leak => zzz
a | b
---+-----
- 1 | aaa
+ 1 | aba
2 | bbb
3 | ccc
4 | ddd
EXECUTE p1(2);
a | b
---+-----
- 1 | aaa
+ 1 | aba
2 | bbb
1 | abc
2 | bcd
SELECT * FROM t1 ORDER BY a,b;
a | b
---+-------------
- 1 | aaa
+ 1 | aba
1 | abc
1 | xxx
2 | bbbbbb_updt
GRANT SELECT ON z1,z2 TO rls_regress_group1, rls_regress_group2,
rls_regress_user1, rls_regress_user2;
INSERT INTO z1 VALUES
- (1, 'aaa'),
+ (1, 'aba'),
(2, 'bbb'),
(3, 'ccc'),
(4, 'ddd');
SET SESSION AUTHORIZATION rls_regress_user2;
SELECT * FROM z1 WHERE f_leak(b);
-NOTICE: f_leak => aaa
+NOTICE: f_leak => aba
NOTICE: f_leak => ccc
a | b
---+-----
- 1 | aaa
+ 1 | aba
3 | ccc
(2 rows)
SET ROLE rls_regress_group2;
SELECT * FROM z1 WHERE f_leak(b);
-NOTICE: f_leak => aaa
+NOTICE: f_leak => aba
NOTICE: f_leak => ccc
a | b
---+-----
- 1 | aaa
+ 1 | aba
3 | ccc
(2 rows)
-- Query as role that is not owner of view or table. Should return all records.
SET SESSION AUTHORIZATION rls_regress_user1;
SELECT * FROM rls_view;
-NOTICE: f_leak => aaa
+NOTICE: f_leak => aba
NOTICE: f_leak => bbb
NOTICE: f_leak => ccc
NOTICE: f_leak => ddd
a | b
---+-----
- 1 | aaa
+ 1 | aba
2 | bbb
3 | ccc
4 | ddd
-- Query as view/table owner. Should return all records.
SET SESSION AUTHORIZATION rls_regress_user0;
SELECT * FROM rls_view;
-NOTICE: f_leak => aaa
+NOTICE: f_leak => aba
NOTICE: f_leak => bbb
NOTICE: f_leak => ccc
NOTICE: f_leak => ddd
a | b
---+-----
- 1 | aaa
+ 1 | aba
2 | bbb
3 | ccc
4 | ddd
'{100, 100, 1, 100, 100}'),
('textcol', 'text',
'{>, >=, =, <=, <}',
- '{AAAAAA, AAAAAA, BNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAA, ZZAAAA, ZZAAAA}',
+ '{ABABAB, ABABAB, BNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAABNAAAA, ZZAAAA, ZZAAAA}',
'{100, 100, 1, 100, 100}'),
('oidcol', 'oid',
'{>, >=, =, <=, <}',
GRANT ALL ON t1 TO public;
COPY t1 FROM stdin WITH (oids);
-101 1 aaa
+101 1 aba
102 2 bbb
103 3 ccc
104 4 ddd
rls_regress_user1, rls_regress_user2;
INSERT INTO z1 VALUES
- (1, 'aaa'),
+ (1, 'aba'),
(2, 'bbb'),
(3, 'ccc'),
(4, 'ddd');
projects / postgresql.git / commitdiff