Use security_invoker views for temporary views created in the new schema
#179
Assignees
Labels
bug
Something isn't working
documentation
Improvements or additions to documentation
enhancement
New feature or request
Comments
|
Thank you for bringing this up! I agree we should document better this and other limitations, happy to take a first stab at that. Adding Also, really looking forward to knowing more about your plans for Kysely integration, this is great to hear! It seems there is enough interest on integrating ORMs & query builders across the board, and it’s something we want to look into: #166 |
exekias
added
bug
andrew-farries
added a commit
that referenced
this issue
Oct 18, 2023
Ensure that views (in Postgres 15 and 16) are created with `security_invoker = true`. This ensures that any row-level security on the underlying table is applied according to the permissions of the invoker of the view rather than its owner. Postgres 14 does not support the creation of views with `security_invoker = true`. See: * https://www.depesz.com/2022/03/22/waiting-for-postgresql-15-add-support-for-security-invoker-views/ * https://www.cybertec-postgresql.com/en/view-permissions-and-row-level-security-in-postgresql/ Closes #179
andrew-farries
added a commit
that referenced
this issue
Nov 8, 2023
Add a section covering the limitations of `pgroll` and row level security policies in Postgres 14. [[Direct link](https://github.com/xataio/pgroll/blob/document-rls/docs/README.md#supported-postgres-versions)] Relates to #179
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
First, thanks for introducing this library - it's great to have, and I'm planning on contributing some extra tooling around it, specifically an integration with Kysely.
I think there's a bug (I haven't verified it, but just believe it's there from reading the code), that the views on the new schema that point to the tables in the old schema are created using the default security setting, which is similar to security definer.
This means that during the transition phase, row level security on the underlying tables will be bypassed by the views created by pgroll.
In order to make sure that accessing the old schema and new schema are the same,
create view view_name with (security_invoker = true) as ....should be used.See this article on the PG 15 release for more info: https://www.depesz.com/2022/03/22/waiting-for-postgresql-15-add-support-for-security-invoker-views/
I think that pgroll should also have some documented limitation on this potential "gotcha" in versions before Postgres 15, and potentially even error if there's no way around it (if there is an RLS policy on a table and the version is 14, which I see is supported).
Thanks again for all your work, super excited for what it means for the ecosystem!
The text was updated successfully, but these errors were encountered: