Using custom marshallers on an insert input results in a new
"premarshal" function
that ignores JSON fields like omitempty.
This results in a bug where writers to a table also need write permissions on any related tables.
We have two tables: person and address.
The person table has a relationship to the address table.
- The
person-writerrole has full permissions on thepersontable. - The
address-readerrole has read permissions on theaddresstable. - The application uses both roles via an Inherited Role.
This is, at its core, a permissions bug.
Imagine a Postgres database where tables have relationships to each other, but each table requires different permissions.
In order to use an "insert input" for one table, you'll need write permissions for both tables, even if you only intend on inserting into one table and not the other.