2

While answering this question, I gave some (unfounded) advice on

create policy test_policy on policy for all to public using (
        user_id = session_user_id());

Btw, you should schema-qualify the session_user_id() call to make your policy actually secure, so that the user cannot inject their own session_user_id function through the search_path.

But is this actually the case? I had misremembered the search_path issue with SECURITY DEFINER functions.

How and when are row-level-security policies parsed? Are the references resolved during definition or during evaluation?

It would make sense to have identifiers in them be early-bound not late-bound, but I could not find anything in the docs about this.

Bergi
  • 630,263
  • 148
  • 957
  • 1,375
  • Take a look at [RLS policies](https://www.postgresql.org/docs/current/ddl-rowsecurity.html) four paragraphs down starting with "To specify which rows ..." and see if that answers your question. – Adrian Klaver Oct 24 '21 at 18:05
  • @AdrianKlaver No, it doesn't - that only talks about how and when the expressions are evaluated, not when they are being parsed. – Bergi Oct 24 '21 at 18:14

1 Answers1

1

Policy definitions are stored in pg_policy, where the USING clause is stored in the polqual column and the WITH CHECK expression is stored in polwithcheck.

Both columns are of data type pg_node_tree, which is a parsed SQL statement. So policies are parsed when they are created, not when they are executed, much like views or standard conforming SQL functions (new in v14). That means that the setting of search_path is only relevant when the policy is created, not when it is executed.

Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263