sql: Block IMPORT statements for RLS tables #136807
Assignees
Labels
A-sql-privileges
SQL privilege handling and permission checks.
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
T-sql-foundations
SQL Foundations Team (formerly SQL Schema + SQL Sessions)
v25.2.0-prerelease
Comments
spilchen
added
C-enhancement
37 tasks
|
I want to allow the COPY command now since it does go through the query engine. I verified that we still enforce RLS policies. Given this, I'll pivot and add tests to ensure policies are properly enforced. We still want to block IMPORT though. A PR for that should be coming soon. |
spilchen
changed the title
spilchen
added a commit
to spilchen/cockroach
that referenced
this issue
Feb 21, 2025
Tables enabled for row-level security (RLS) have policies that restrict which rows can be added. Since IMPORT bypasses the query engine where these policies are enforced, we need to block IMPORT INTO for RLS tables. There is one exception: admin users can still run this command, as RLS policies are not enforced for administrators. Epic: CRDB-45203 Release note: none Informs cockroachdb#136807
spilchen
added a commit
to spilchen/cockroach
that referenced
this issue
Feb 25, 2025
Tables enabled for row-level security (RLS) have policies that restrict which rows can be added. Since IMPORT bypasses the query engine where these policies are enforced, we need to block IMPORT INTO for RLS tables. There is one exception: admin users can still run this command, as RLS policies are not enforced for administrators. Epic: CRDB-45203 Release note: none Informs cockroachdb#136807
craig bot
pushed a commit
that referenced
this issue
Feb 25, 2025
141844: sql/importer: Block IMPORT INTO on RLS tables r=spilchen a=spilchen Tables enabled for row-level security (RLS) have policies that restrict which rows can be added. Since IMPORT bypasses the query engine where these policies are enforced, we need to block IMPORT INTO for RLS tables. There is one exception: admin users can still run this command, as RLS policies are not enforced for administrators. Epic: CRDB-45203 Release note: none Informs #136807 Co-authored-by: Matt Spilchen <[email protected]>
craig bot
pushed a commit
that referenced
this issue
Mar 20, 2025
142983: workload/schemachange: improve diagnostics for unique constraint failures r=spilchen a=spilchen Previously, when adding a unique constraint to a table, failures due to duplicate key checks were diagnosed by comparing table row counts against a DISTINCT check. However, when this failed, it provided little insight into the cause. This change improves diagnostics by modifying the query to explicitly extract the components of the check, ensuring they are included in test logs. This additional context will make debugging easier if the issue recurs. Closes #142458 Epic: none Release note: none 143066: sql/copy: validate RLS policies for COPY FROM r=spilchen a=spilchen COPY FROM goes through the optbuilder, applying any applicable row-level security (RLS) policies. This commit adds tests to ensure that RLS policies are correctly enforced for COPY FROM. Additionally, a stale comment in logic.go has been removed. The COPY FROM tests originally resided in logic tests before being moved to the sql/copy package. Closes #136807 Epic: CRDB-45203 Release note: none Co-authored-by: Matt Spilchen <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Data ingestion methods other than INSERT could inadvertently bypass RLS policy enforcement. To align with PostgreSQL behavior, we will prevent IMPORT
and COPYoperations on tables with row-level security (RLS) enabled.PostgreSQL returns an error similar to this,
which we should replicate:Jira issue: CRDB-45262
The text was updated successfully, but these errors were encountered: