aboutsummaryrefslogtreecommitdiff
path: root/src/test/regress/sql/rowsecurity.sql
diff options
context:
space:
mode:
Diffstat (limited to 'src/test/regress/sql/rowsecurity.sql')
-rw-r--r--src/test/regress/sql/rowsecurity.sql23
1 files changed, 20 insertions, 3 deletions
diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql
index 303a893a2c6..e086e85fc05 100644
--- a/src/test/regress/sql/rowsecurity.sql
+++ b/src/test/regress/sql/rowsecurity.sql
@@ -1624,13 +1624,30 @@ DROP FUNCTION op_leak(int, int);
RESET SESSION AUTHORIZATION;
DROP TABLE rls_tbl;
-DROP USER regress_rls_alice;
-DROP USER regress_rls_bob;
+-- Bug #16006: whole-row Vars in a policy don't play nice with sub-selects
+SET SESSION AUTHORIZATION regress_rls_alice;
+CREATE TABLE rls_tbl (a int, b int, c int);
+CREATE POLICY p1 ON rls_tbl USING (rls_tbl >= ROW(1,1,1));
+
+ALTER TABLE rls_tbl ENABLE ROW LEVEL SECURITY;
+ALTER TABLE rls_tbl FORCE ROW LEVEL SECURITY;
+
+INSERT INTO rls_tbl SELECT 10, 20, 30;
+EXPLAIN (VERBOSE, COSTS OFF)
+INSERT INTO rls_tbl
+ SELECT * FROM (SELECT b, c FROM rls_tbl ORDER BY a) ss;
+INSERT INTO rls_tbl
+ SELECT * FROM (SELECT b, c FROM rls_tbl ORDER BY a) ss;
+SELECT * FROM rls_tbl;
+
+DROP TABLE rls_tbl;
+RESET SESSION AUTHORIZATION;
--
-- Clean up objects
--
-RESET SESSION AUTHORIZATION;
+DROP USER regress_rls_alice;
+DROP USER regress_rls_bob;
-- Suppress NOTICE messages when doing a cascaded drop.
SET client_min_messages TO 'warning';
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 03:35:51 +0000