ALTER TABLE .. FORCE ROW LEVEL SECURITY

To allow users to force RLS to always be applied, even for table owners, add ALTER TABLE .. FORCE ROW LEVEL SECURITY. row_security=off overrides FORCE ROW LEVEL SECURITY, to ensure pg_dump output is complete (by default). Also add SECURITY_NOFORCE_RLS context to avoid data corruption when ALTER TABLE .. FORCE ROW SECURITY is being used. The SECURITY_NOFORCE_RLS security context is used only during referential integrity checks and is only considered in check_enable_rls() after we have already checked that the current user is the owner of the relation (which should always be the case during referential integrity checks). Back-patch to 9.5 where RLS was added.
author: Stephen Frost <sfrost@snowman.net> 2015-10-04 21:05:18 -0400
committer: Stephen Frost <sfrost@snowman.net> 2015-10-04 21:05:18 -0400
commit: 90f334d2ca1a8bae2d0cd8a0898fb8ef90257565 (patch)
tree: 2619e5544fbeb3ae65c462a3a9dd3f1a97d8ca11 /src/include/nodes/parsenodes.h
parent: e78dc6b829219cacaccc59957b5375585e919099 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/include/nodes/parsenodes.h b/src/include/nodes/parsenodes.h
index d66a9aeb694..18bb075b3f3 100644
--- a/src/include/nodes/parsenodes.h
+++ b/src/include/nodes/parsenodes.h
@@ -1514,6 +1514,8 @@ typedef enum AlterTableType
 	AT_ReplicaIdentity,			/* REPLICA IDENTITY */
 	AT_EnableRowSecurity,		/* ENABLE ROW SECURITY */
 	AT_DisableRowSecurity,		/* DISABLE ROW SECURITY */
+	AT_ForceRowSecurity,		/* FORCE ROW SECURITY */
+	AT_NoForceRowSecurity,		/* NO FORCE ROW SECURITY */
 	AT_GenericOptions			/* OPTIONS (...) */
 } AlterTableType;
author	Stephen Frost <sfrost@snowman.net>	2015-10-04 21:05:18 -0400
committer	Stephen Frost <sfrost@snowman.net>	2015-10-04 21:05:18 -0400
commit	90f334d2ca1a8bae2d0cd8a0898fb8ef90257565 (patch)
tree	2619e5544fbeb3ae65c462a3a9dd3f1a97d8ca11 /src/include/nodes/parsenodes.h
parent	e78dc6b829219cacaccc59957b5375585e919099 (diff)